Snort mailing list archives
Re: threshold.conf questions
From: Jeremy Hewlett <jh () sourcefire com>
Date: Wed, 1 Dec 2004 11:43:35 -0500
On Sun, Nov 28, Guillermo Calvo wrote:
1 - Can I use snort.conf variables in threshold.conf ? I'm my test I couldn't
This isn't something you can do yet; this feature is slated for 2.4.
2 - Can I suppress a rule for all src ip but just with a especific port, how? something like "suppress gen_id 1, sig_id 1394, track by_src, ip 0.0.0.0:6667 ?
Currently we've been working on adding src/dst pairs with IP lists for 2.4. Adding ports into the mix is lower on the todo list, but something we'll keep it in mind. Thanks! ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- threshold.conf questions Guillermo Calvo (Nov 28)
- Testy Message - Do Not Reply Michael Steele (Nov 28)
- Re: threshold.conf questions Jeremy Hewlett (Dec 01)