[Snort-users] Thousands of alerts after upgrade

SnortFan SnortFan at ...131...
Fri Jan 31 11:58:12 EST 2014


I'm getting "the rule does not exist" when I look up a preprocessor rule 119-31 (unknown_method). I looked in the latest set of rules I downloaded yesterday and it's there. Is the rule valid or should I suppress it?

Hi Leo,
For your question, you can filter or suppress it using the threshold.conf file.

You may also be able to disable it using pulledpork's disablesid.conf but I haven't tried that yet.

Cheers,
Ed



> On Jan 23, 2014, at 6:13 PM, Leo <poldi at ...16673...> wrote:
> 
> Hi,
> 
> I've just upgraded to 2.9.5.6 (Build 208) on Ubuntu 13.10 and am now 
> receiving thousands of alerts for
> 
> stream5: TCP Timestamp is missing
> 
> I'm using BASE to review data and when I click on the 'snort' hyperlink 
> for that alert, I get to the snort site and am informed that this rule 
> does not exist
> 
> 
> My questions are:
> 
> 1) How can I turn this alert off
> 2) Why is this rule unknown
> 
> Thanks,
> 
> Leo
> 
> 
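The threshold.conf approach mentioned in the reply above, as an added example that is not part of the original thread: a short Python script that counts alerts per generator/signature pair in Snort "fast" alert output and writes `event_filter` or `suppress` lines for the noisy ones. The sample log lines, the function names, the `noisy_at` cutoff, and the use of 129:14 for the stream5 message are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of Snort "fast" alert output (not taken from the thread).
SAMPLE_ALERTS = """\
01/23-18:01:02.10 [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 10.0.0.5:51000 -> 10.0.0.9:80
01/23-18:01:02.20 [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 10.0.0.5:51001 -> 10.0.0.9:80
01/23-18:01:03.10 [**] [119:31:1] http_inspect: UNKNOWN METHOD [**] [Priority: 3] {TCP} 10.0.0.7:40000 -> 10.0.0.9:80
01/23-18:01:03.50 [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 10.0.0.6:52000 -> 10.0.0.9:443
01/23-18:01:04.00 [**] [129:14:1] stream5: TCP Timestamp is missing [**] [Priority: 3] {TCP} 10.0.0.5:51002 -> 10.0.0.9:80
"""

# Matches "[**] [gid:sid:rev] message [**]" in a fast-format alert line.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

def count_alerts(text):
    """Return (Counter keyed by (gen_id, sig_id), {key: message})."""
    counts, msgs = Counter(), {}
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip blank or non-alert lines
        key = (int(m.group(1)), int(m.group(2)))
        counts[key] += 1
        msgs.setdefault(key, m.group(4))
    return counts, msgs

def threshold_lines(counts, msgs, noisy_at=3, rate_limit=True):
    """Build threshold.conf lines for every pair seen at least noisy_at times.

    rate_limit=True keeps one alert per source per minute (event_filter);
    rate_limit=False silences the pair entirely (suppress).
    """
    out = []
    for (gid, sid), n in counts.most_common():
        if n < noisy_at:
            continue
        out.append(f"# {msgs[(gid, sid)]} ({n} alerts)")
        if rate_limit:
            out.append(f"event_filter gen_id {gid}, sig_id {sid}, "
                       "type limit, track by_src, count 1, seconds 60")
        else:
            out.append(f"suppress gen_id {gid}, sig_id {sid}")
    return out

if __name__ == "__main__":
    counts, msgs = count_alerts(SAMPLE_ALERTS)
    print("\n".join(threshold_lines(counts, msgs)))
```

Rate limiting with `event_filter` keeps some visibility into the event, while `suppress` removes it from the output altogether; review the generated lines before adding them to threshold.conf.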



