Snort mailing list archives
thresholding: SMNP alerts
From: Steffen "Maetzky (extern)" <Steffen.Maetzky () gedas de>
Date: 15 Apr 2004 17:52:36 +0200
Hi,

I want to ignore warnings of 3 different IPs (test-server) and have made the following entry into my threshold.conf, which I've included into snort.conf:

    #SNMP public access udp
    suppress gen_id 1, sig_id 1411, track by_src,ip [<IP1> <IP2> <IP3>]

restarting snort... no error message, but doesn't work

    #SNMP public access udp
    suppress gen_id 1, sig_id 1411, track by_src,ip [<IP1>, <IP2>, <IP3>]

restarting snort... error message

Seems to me that it's not possible to use an IP list:

    #SNMP public access udp
    suppress gen_id 1, sig_id 1411, track by_src,ip <IP1>
    suppress gen_id 1, sig_id 1411, track by_src,ip <IP2>
    suppress gen_id 1, sig_id 1411, track by_src,ip <IP3>

restarting snort... no error message, but doesn't work

I think gen_id 1 (rules) should be right, but I've also tried 121 without success.

Does anyone know what's wrong?