[Snort-users] Noisy Alert that's not in the rules?

Jason Wallace jason.r.wallace at ...11827...
Fri Feb 24 09:32:23 EST 2012


Based on the SID, that is probably a local rule. The name isn't
resolving because either 1) sid-msg.map needs to be rebuilt or 2)
barnyard needs to be restarted... or both 1 and 2.

On Thu, Feb 23, 2012 at 1:38 PM, Jeff <ffejbean at ...131...> wrote:
> All,
>    I'm getting a ton of alerts like this:
>
> Snort Alert [1:1000001:0]
>
>
> I've put this entry in /etc/snort/threshold.conf and still I'm seeing these
> alerts pile up..
>
> suppress gen_id 1, sig_id 1000001
>
>
> ..and I've grep'd  through /etc/snort/rules/* and find nothing.
>
> So.. any suggestions for a n00b as to how to get rid of these alerts?
>
> HELP?
>
> thanks!
> .jeff

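The check suggested in the reply above, as an added example that is not part of the original thread or of the Snort or barnyard code: it lists enabled rules whose SID has no sid-msg.map entry, which is the state that leaves an alert showing only `[gid:sid:rev]`. It assumes the `sid || msg || reference...` map line format and single-line rules; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_RULES = r'''
alert tcp any any -> $HOME_NET 22 (msg:"LOCAL ssh connection attempt"; flags:S; sid:1000001;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL icmp; with \"escapes\""; sid:1000002; rev:3;)
# alert tcp any any -> any 80 (msg:"LOCAL disabled rule"; sid:1000003; rev:1;)
'''
SAMPLE_MAP = '''
# sid-msg.map (constructed)
1000002 || LOCAL icmp; with "escapes"
1000500 || LOCAL some other rule || url,example.invalid/ref
'''

MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REV_RE = re.compile(r'\brev\s*:\s*(\d+)\s*;')

def parse_rules(text):
    """Return {sid: (msg, rev)} for every enabled single-line rule."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # blank or commented-out rule
            continue
        m = MSG_RE.search(line)
        msg = re.sub(r'\\(.)', r'\1', m.group(1)) if m else ""
        rest = MSG_RE.sub("", line)   # ignore any "sid:" text inside the msg string
        sid = SID_RE.search(rest)
        if sid:
            rev = REV_RE.search(rest)
            # No rev option: recorded as 0 (assumption, consistent with the ":0" in the alert).
            rules[int(sid.group(1))] = (msg, int(rev.group(1)) if rev else 0)
    return rules

def parse_sid_map(text):
    """Return {sid: msg} from 'sid || msg || ref...' lines; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            entries[int(fields[0])] = fields[1]
    return entries

def missing_map_lines(rules_text, map_text):
    """Map lines for rules that can fire but whose name cannot be resolved."""
    mapped = parse_sid_map(map_text)
    return [f"{sid} || {msg}"
            for sid, (msg, _rev) in sorted(parse_rules(rules_text).items())
            if sid not in mapped]

if __name__ == "__main__":
    print("\n".join(missing_map_lines(SAMPLE_RULES, SAMPLE_MAP)))
```

To use it on a sensor, pass the concatenated contents of every rule file that snort.conf includes (not only /etc/snort/rules/*) together with the sid-msg.map the output processor reads.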