Snort mailing list archives
Re: threshold.conf global suppression by IP
From: Y M <snort () outlook com>
Date: Fri, 9 Sep 2016 16:41:57 +0000
Hmm, the documentation clearly states that gen_id 0, sig_id 0 can be used with suppress. Can you get exactly what is causing the service to not run? I just did a quick test and snort seems to run fine. I put this in my threshold.conf:

    suppress gen_id 0, sig_id 0

YM

________________________________
From: Mitch Gates <MGates () americanbus com>
Sent: Friday, September 9, 2016 7:31 PM
To: Y M
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] threshold.conf global suppression by IP

When I try to suppress gen_id 0, sig_id 0 snort service will not start

Sent from my Verizon, Samsung Galaxy smartphone

-------- Original message --------
From: Y M <snort () outlook com>
Date: 9/9/16 11:22 AM (GMT-06:00)
To: Mitch Gates <MGates () americanbus com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] threshold.conf global suppression by IP

Yes, you can set a global filter among all rule types (text, so, etc). To do this, your event_filter should have:

    gen_id 0, sig_id 0

If you want to address text rules only, then gen_id 1, sig_id 0 and so on.

YM

Sent from Mobile

On Fri, Sep 9, 2016 at 7:16 PM +0300, "Mitch Gates" <MGates () americanbus com> wrote:

Is there any way I can suppress events globally from a dst or src ip rather than defining each individual gen id and sig id I want to suppress?
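An added example, not part of the thread or of Snort itself: a small Python audit that reports how widely each suppress or event_filter entry in a threshold.conf applies, so that a gen_id 0, sig_id 0 entry with no IP restriction stands out in review. The sample file contents are constructed, and the track/ip options follow the Snort 2.x suppress syntax, which the thread does not spell out.

```python
import re

# Constructed sample threshold.conf content (not taken from the thread).
SAMPLE = """\
# site suppressions
suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
suppress gen_id 0, sig_id 0, track by_dst, ip 192.0.2.0/24
suppress gen_id 0, sig_id 0
event_filter gen_id 1, sig_id 0, type limit, track by_src, count 1, seconds 60
"""

def parse_line(line):
    """Return (keyword, options) for a suppress/event_filter line, else None.
    Assumption: 'ip' holds one address or CIDR, not a bracketed list."""
    line = line.split("#", 1)[0].strip()
    m = re.match(r"(suppress|event_filter)\s+(.*)", line)
    if not m:
        return None
    opts = {}
    for part in m.group(2).split(","):
        fields = part.split(None, 1)
        if len(fields) == 2:
            opts[fields[0]] = fields[1].strip()
    return m.group(1), opts

def audit(text):
    """Return (line number, keyword, rule scope, host reach) per entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        keyword, opts = parsed
        gid, sid = opts.get("gen_id"), opts.get("sig_id")
        if gid == "0" and sid == "0":
            scope = "all-rules"               # global, as described in the thread
        elif sid == "0":
            scope = "all-rules-in-generator"  # e.g. gen_id 1 = text rules
        else:
            scope = "single-rule"
        if keyword != "suppress":
            reach = "n/a"
        elif "ip" in opts:
            reach = f"{opts.get('track')} {opts['ip']}"
        else:
            reach = "every-host"              # nothing narrows the suppression
        findings.append((lineno, keyword, scope, reach))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

An entry reported as all-rules with every-host reach silences every alert, so it is the one to question before the file is deployed.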