[Snort-users] Issues with suppressing some preproc rules

waldo kitty wkitty42 at ...14940...
Tue Nov 26 19:48:23 EST 2013


On 11/26/2013 6:49 PM, Mike Hale wrote:
> All,
>
> I was hoping someone could help me out with figuring out why I can't
> seem to be able to suppress some of the preprocessor alerts.
>
> I'm trying to disable, among others, the Long Header sid.

what is the GID:SID for that item??

> Thresholds.conf snippet:
>
> http://pastebin.com/kTiZ9mSM
>
> Running it through snort -T:
>
> http://pastebin.com/4t19tp77

these appear to be ok but...

> Snorby still shows those alerts firing off though.
>
> Any ideas are much appreciated.
>
> - Mike
>


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list