[Snort-users] Issues with suppressing some preproc rules

waldo kitty wkitty42 at ...14940...
Tue Nov 26 19:48:23 EST 2013

On 11/26/2013 6:49 PM, Mike Hale wrote:
> All,
> I was hoping someone could help me out with figuring out why I can't
> seem to be able to suppress some of the preprocessor alerts.
> I'm trying to disable, among others, the Long Header sid.

what is the GID:SID for that item??

> Thresholds.conf snippet:
> http://pastebin.com/kTiZ9mSM
> Running it through snort -T:
> http://pastebin.com/4t19tp77

these appear to be ok but...

> Snorby still shows those alerts firing off though.
> Any ideas are much appreciated.
> - Mike

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

More information about the Snort-users mailing list