[Snort-users] Thousands of alerts after upgrade

SnortFan SnortFan at ...131...
Sun Jan 26 20:43:00 EST 2014


Hi Leo,
One quick way is to place a suppression for it in the threshold.conf file. Then restart Snort. Search "snort suppression threshold.conf" in Google.

Another is to be sure your rules are up to date. That sounds like one of those preprocessor rules.  

Cheers,
Ed



> On Jan 23, 2014, at 6:13 PM, Leo <poldi at ...16673...> wrote:
> 
> Hi,
> 
> I've just upgraded to 2.9.5.6 (Build 208) on Ubuntu 13.10 and am now 
> receiving thousands of alerts for
> 
> stream5: TCP Timestamp is missing
> 
> I'm using BASE to review data and when I click on the 'snort' hyperlink 
> for that alert, I get to the snort site and am informed that this rule 
> does not exist
> 
> 
> My questions are:
> 
> 1) How can I turn this alert off?
> 2) Why is this rule unknown?
> 
> Thanks,
> 
> Leo
> 
> 
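The suppression approach suggested in the reply above, as an added example that is not part of either message: it tallies alerts by generator and signature ID and prints candidate `suppress` entries for threshold.conf. It assumes alerts are also written in Snort's alert_fast text format (the thread itself uses BASE); the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed alert_fast-style lines for illustration; not data from the thread.
SAMPLE_ALERTS = """\
01/23-18:01:10.100001  [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 192.0.2.10:51000 -> 198.51.100.5:80
01/23-18:01:10.200002  [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 192.0.2.11:51001 -> 198.51.100.5:80
01/23-18:01:11.300003  [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 192.0.2.10:51002 -> 198.51.100.5:443
01/23-18:01:12.400004  [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 192.0.2.12:51003 -> 198.51.100.5:80
01/23-18:01:13.500005  [**] [1:1000001:1] LOCAL constructed test rule [**] [Priority: 2] {TCP} 192.0.2.13:51004 -> 198.51.100.5:22
01/23-18:01:14.600006  [**] [1:1000001:1] LOCAL constructed test rule [**] [Priority: 2] {TCP} 192.0.2.13:51005 -> 198.51.100.5:22
01/23-18:01:15.700007  [**] [1:1000001:1] LOCAL constructed test rule [**] [Priority: 2] {TCP} 192.0.2.13:51006 -> 198.51.100.5:22
"""

# Matches "[**] [gid:sid:rev] message [**]" in an alert_fast line.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")


def tally(log_text):
    """Count alerts per (gen_id, sig_id) and keep the first message seen for each."""
    counts, messages = Counter(), {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # blank or unparseable line
        key = (int(m.group(1)), int(m.group(2)))
        counts[key] += 1
        messages.setdefault(key, m.group(4))
    return counts, messages


def suppress_lines(log_text, min_count, only_preproc=True):
    """Return threshold.conf lines for signatures seen at least min_count times.

    With only_preproc=True, gen_id 1 (text rules) and 3 (shared-object rules)
    are skipped, so only preprocessor and decoder alerts are proposed.
    """
    counts, messages = tally(log_text)
    out = []
    for (gid, sid), n in counts.most_common():
        if n < min_count or (only_preproc and gid in (1, 3)):
            continue
        out.append(f"# {n} alerts: {messages[(gid, sid)]}")
        out.append(f"suppress gen_id {gid}, sig_id {sid}")
    return out


if __name__ == "__main__":
    print("\n".join(suppress_lines(SAMPLE_ALERTS, min_count=3)))
```

Review each proposed entry before adding it to threshold.conf, since a suppression hides every alert for that generator and signature ID; Snort reads the file at startup, hence the restart mentioned in the reply.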



