[Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)

Lawrence R. Hughes, Sr. lhughes at ...14822...
Fri Feb 3 09:19:01 EST 2012


Joel,

That does not work, it did not work in 2.8.6.1 or 2.9.2.0.
The only way to disable them is to hash out the snort.conf file for that so_rule and that is not an answer either?

Thanks,
Larry

  ----- Original Message ----- 
  From: Joel Esler 
  To: Lawrence R. Hughes, Sr. 
  Cc: JJ Cummings ; snort-users at lists.sourceforge.net 
  Sent: Thursday, February 02, 2012 8:14 PM
  Subject: Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)


  If you comment the rule out in the stub file as JJ suggested, it should turn the rule off.  

  --
  Joel Esler

  On Feb 2, 2012, at 6:25 PM, "Lawrence R. Hughes, Sr." <lhughes at ...14972....> wrote:


    no, that does not work, infact this is what the p2p.rules header says:
    # Autogenerated skeleton rules file.  Do NOT edit by hand


      ----- Original Message ----- 
      From: JJ Cummings 
      To: Lawrence R. Hughes, Sr. 
      Cc: <snort-users at lists.sourceforge.net> 
      Sent: Thursday, February 02, 2012 6:21 PM
      Subject: Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)


      #


      Sent from the iRoad

      On Feb 2, 2012, at 18:05, "Lawrence R. Hughes, Sr." <lhughes at ...15102......> wrote:


        Hi,

        I want to disable alerts for sid:7019 gid:3 (under p2p.rules in so_rules) how would I turn off that single rule?

        Thanks,
        Larry

        ------------------------------------------------------------------------------
        Keep Your Developer Skills Current with LearnDevNow!
        The most comprehensive online learning library for Microsoft developers
        is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
        Metro Style Apps, more. Free future releases when you subscribe now!
        http://p.sf.net/sfu/learndevnow-d2d
        _______________________________________________
        Snort-users mailing list
        Snort-users at lists.sourceforge.net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://www.geocrawler.com/redir-sf.php3?list=snort-users

        Please visit http://blog.snort.org to stay current on all the latest Snort news!
    ------------------------------------------------------------------------------
    Keep Your Developer Skills Current with LearnDevNow!
    The most comprehensive online learning library for Microsoft developers
    is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
    Metro Style Apps, more. Free future releases when you subscribe now!
    http://p.sf.net/sfu/learndevnow-d2d
    _______________________________________________
    Snort-users mailing list
    Snort-users at lists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users

    Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120203/75d35a4d/attachment.html>


More information about the Snort-users mailing list