Snort mailing list archives
Re: Ok, Ok - I know - http_inspect
From: Chris Keladis <chris () cmc optus net au>
Date: Sat, 19 Jun 2004 09:28:26 +1000
At 06:42 AM 6/19/2004, SN ORT wrote: Hi Marc,
Yes, but is that really gen_id 119? I mean you can threshold the snort sigs but I don't know that you can threshold inspect alerts! Anyone try to threshold decode or inspect alerts? I don't know because I have not looked at threshold too much, but I do know that you have to specify a sig_id, which these particular alerts do not have. Good luck sir!
Even the pre-processors have SIDs, as well as their GID number. You can threshold (or suppress) specific SIDs generated by the pre-processors (GIDs) with no problem.
You can find the GID/SID matrix in the Snort source in the file generators.h. More details about configuration of thresholding are in the Snort manual: http://www.snort.org/docs/snort_manual/node18.html
Regards,
Chris.
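What the reply describes, written out as Snort 2.x threshold.conf entries. This is an added example, not part of the original message. The sig_id values and the IP address are assumptions chosen for illustration; take the real sig_id for each alert from generators.h.

```conf
# threshold.conf (Snort 2.x syntax), added example.
# gen_id 119 is the generator discussed in this thread (http_inspect alerts).
# The sig_id values below are illustrative: look each one up in generators.h
# and substitute the preprocessor alerts that are actually noisy on your sensor.

# Rate-limit: log at most one 119:2 alert per source address every 60 seconds.
# The alert stays visible, only the repeats are dropped.
threshold gen_id 119, sig_id 2, type limit, track by_src, count 1, seconds 60

# Suppress 119:4 for a single known-noisy source only.
# 192.0.2.10 is a constructed documentation address; every other source still alerts.
suppress gen_id 119, sig_id 4, track by_src, ip 192.0.2.10

# Suppress 119:15 for all traffic. This is the broadest form and removes the
# alert entirely, so use it only after confirming the alert has no value here.
suppress gen_id 119, sig_id 15
```

Prefer the limit threshold or the per-source suppress where they are enough, since a global suppress also hides the alert for traffic you have not reviewed.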