[Snort-users] Commented rule triggering alerts
Joao Daniel Neves
joaodanielnevesss at ...125...
Wed Apr 10 15:54:07 EDT 2013
I have a lot of ICMP/Ping alerts. So I decided to remove the rule that was triggering those alerts. The sid of the rule is 381.
I did the following:
grep -wril 'sid:381' ./*
I found the line and then commented it by placing an "#" in the begging of the line. I stopped Snort and then stated it again.
And I still get alert for that SID. What can I do to solve it ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users