Snort mailing list archives
RE: Suppress alerts
From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Mon, 17 Oct 2005 11:38:05 -0400
Is it possible that you are not modifying the correct/running snort.conf file? Bruce -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Rodger Sent: Monday, October 17, 2005 10:55 AM To: Frank Knobbe; s Subject: Re: [Snort-users] Suppress alerts Frank, I did and the result is the same. Is this right Sig Id? I checked the SQL database and sig. id is 32 and I changed the result is the same too. Anybody can help me out and I am just too upset with this as too many alerts are generating. Thanks, Peter --- Frank Knobbe <frank () knobbe us> wrote:
On Fri, 2005-10-14 at 11:20 -0700, Peter Rodger wrote:[snort] (portscan) Open Port unclassified [snort] (portscan) UDP Portsweep unclassified [snort] (http_inspect) BARE BYTE UNICODE ENCODING Are generating too many alerts. I have attemptedtosuppress these alerts in my snort.conf file likethefollowing: suppress gen_id 122, sig_id 27: suppress gen_id 122, sig_id 19: suppress gen_id 119, sig_id 4: But those alerts are still generating a lot asbefore.I do not know why these alerts can not besurppressed? Did you notice Snort giving errors on startup? Remove the colon, that might help. Regards, Frank
__________________________________ Yahoo! Music Unlimited Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/ ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Suppress alerts Peter Rodger (Oct 14)
- Re: Suppress alerts Frank Knobbe (Oct 14)
- Re: Suppress alerts Peter Rodger (Oct 17)
- <Possible follow-ups>
- RE: Suppress alerts Briggs, Bruce (Oct 14)
- RE: Suppress alerts Briggs, Bruce (Oct 17)
- RE: RE: Suppress alerts Peter Rodger (Oct 17)
- Re: Suppress alerts Joel Esler (Oct 17)
- Re: Suppress alerts Peter Rodger (Oct 17)
- Re: Suppress alerts Joel Esler (Oct 17)
- Fwd: Re: Suppress alerts Peter Rodger (Oct 18)
- Re: Suppress alerts Joel Esler (Oct 18)
- Re: Suppress alerts Peter Rodger (Oct 18)
- Re: Suppress alerts Frank Knobbe (Oct 18)
- Re: Suppress alerts Joel Esler (Oct 18)
- Re: Fwd: Re: Suppress alerts João Mota (Oct 18)
- Re: Fwd: Re: Suppress alerts Peter Rodger (Oct 18)
- RE: Fwd: Re: Suppress alerts Patrick Harper (Oct 18)
- Re: Suppress alerts Frank Knobbe (Oct 14)