Snort mailing list archives
Re: Performance and rule tuning
From: Joel Esler <eslerj () gmail com>
Date: Thu, 4 Dec 2008 14:11:15 -0500
On Dec 4, 2008, at 1:57 PM, Jefferson, Shawn wrote:
Hi, I've read through the README and I still have a question.. what should the gen_id of "ftp_pp: FTP command channel encrypted" be? 125 or 1 ? My suppress rule looks like: suppress gen_id 125, sig_id 7
It's 125, 7. But for future reference, these numbers are located in your gen-msg.map in the etc/ directory of the tarball. Joel ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Performance and rule tuning Jefferson, Shawn (Dec 02)
- Re: Performance and rule tuning (linux) Phil Wood (Dec 02)
- <Possible follow-ups>
- Re: Performance and rule tuning Nathaniel Richmond (Dec 02)
- Re: Performance and rule tuning Jefferson, Shawn (Dec 02)
- Re: Performance and rule tuning Jefferson, Shawn (Dec 03)
- Re: Performance and rule tuning Matt Jonkman (Dec 03)
- Re: Performance and rule tuning Joel Esler (Dec 03)
- Re: Performance and rule tuning Jefferson, Shawn (Dec 04)
- Re: Performance and rule tuning Joel Esler (Dec 04)
- Re: Performance and rule tuning Todd Wease (Dec 04)
- Re: Performance and rule tuning Jefferson, Shawn (Dec 02)