Re: Snort Configurations

[Eoin Miller <eoin.miller () trojanedbinaries com>]

  Add this to your threshold.conf file:

---snip---
# Get rid of annoying http_inspect alerts
suppress gen_id 119, sig_id 19
suppress gen_id 119, sig_id 16
suppress gen_id 119, sig_id 15
suppress gen_id 119, sig_id 14
suppress gen_id 119, sig_id 3
suppress gen_id 119, sig_id 2
suppress gen_id 119, sig_id 4
suppress gen_id 119, sig_id 7
---snip---

Those are the ones we get rid of because they alert constantly. If this 
isn't working, then the location of the threshold.conf file you are 
editing is incorrect and it is not being read when snort is started up.

-- Eoin

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users