No subject


Thu Nov 23 16:36:19 EST 2017


# Global Threshold - Limit to logging 1 event per 60 seconds per IP triggering
# each rule
threshold gen_id 1, sig_id 0, type limit, track by_src, count 1, seconds 60

# Global Threshold - Limit to logging 1 event per 60 seconds per IP triggering
# each rule for each event generator
threshold gen_id 0, sig_id 0, type limit, track by_src, count 1, seconds 60

J



On Tue, Aug 01, 2006 at 04:05:24PM -0500, Reece Mills sent me:
> Is there a way to suppress all alerting by CIDR using wildcards in the
> gen_id and sig_id?
>
> Like:
>
> suppress gen_id *, sig_id *, track by_src, ip 34.25.1.0/24
>
> - --
>
> Best Regards,
> Reece Mills, GSEC
+---------------------------------------------------------------------+
Joel Esler          Senior Security Consultant         1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
       Snort - Open Source Network IPS/IDS -- http://www.snort.org
         GPG Key: http://demo.sourcefire.com/jesler.pgp.key
           AIM:eslerjoel  YMSG:eslerjoel Gtalk:eslerj
+---------------------------------------------------------------------+
