Snort mailing list archives

Re: threshold.conf questions

From: Jeremy Hewlett <jh () sourcefire com>
Date: Wed, 1 Dec 2004 11:43:35 -0500

On Sun, Nov 28, Guillermo Calvo wrote:

   1  - Can I use snort.conf variables in  threshold.conf ? I'm my test I
   couldn't


This isn't something you can do yet; this feature is slated for 2.4.

   2  -  Can  I  suppress a rule for all src ip but just with a especific
   port, how?

   something  like  "suppress  gen_id  1,  sig_id  1394, track by_src, ip
   0.0.0.0:6667 ?


Currently we've been working on adding src/dst pairs with IP lists for
2.4. Adding ports into the mix is lower on the todo list, but something
we'll keep it in mind. Thanks!



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

threshold.conf questions Guillermo Calvo (Nov 28)
- Testy Message - Do Not Reply Michael Steele (Nov 28)
- Re: threshold.conf questions Jeremy Hewlett (Dec 01)