Snort mailing list archives
Re: Supressing alert
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 26 Jun 2009 14:14:21 -0400
Write a specific pass rule. -- Sent from my iPhoneOn Jun 26, 2009, at 1:52 PM, "Jefferson, Shawn" <Shawn.Jefferson () bcferries com > wrote:
Hi,I want to suppress an alert, but only from a specific src to a specific dst. Looking at the documentation for alert suppression, it looks like you can either use track by_src OR by_dst. What’s the best way to do this?Thanks, -- Shawn--- --- --- ---------------------------------------------------------------------_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Supressing alert Jefferson, Shawn (Jun 26)
- Re: Supressing alert Joel Esler (Jun 26)
- Re: Supressing alert Shenk, Jerry A (Jun 26)
- Re: Supressing alert Jefferson, Shawn (Jun 29)
- Re: Supressing alert Tommie Giles (Jun 26)