[Snort-users] Event Suppression between specific Source and Destination
guh at ...15642...
Fri Dec 14 05:04:23 EST 2012
I am running snort with alert-before-log configuration (it is
necessary). How can I suppress a signature between two specific hosts?
With the 'Event Suppression' configuration it is only possible to select
either track by_src or track by_dst.
The next question is: Why is this even like this for 'Event Suppression'?
I already searched the mailing-list archive because I think this issue
has to be discussed earlier but I didn't find any information.
Thanks for your help.
More information about the Snort-users