[Snort-users] Issues with suppressing some preproc rules

Mike Hale eyeronic.design at ...11827...
Tue Nov 26 18:49:08 EST 2013


All,

I was hoping someone could help me out with figuring out why I can't
seem to be able to suppress some of the preprocessor alerts.

I'm trying to disable, among others, the Long Header sid.

Thresholds.conf snippet:

http://pastebin.com/kTiZ9mSM

Running it through snort -T:

http://pastebin.com/4t19tp77

Snorby still shows those alerts firing off though.

Any ideas are much appreciated.

- Mike

-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0




More information about the Snort-users mailing list