Snort mailing list archives
Threshold Suppression Not Working
From: "Ron Jenkins" <rjenkins () dibr net>
Date: Mon, 31 Jan 2005 11:11:12 -0600
I am trying to suppress the below portscan alerts due to high volumes of alerts:

* (portscan) Open Port
* (portscan) TCP Portscan
* (portscan) UDP Portscan
* (portscan) TCP Portsweep
* (portscan) UDP Portsweep

I have added it to the threshold.conf file along with my other working alert suppressions. Below is the format for the above:

* suppress gen_id 122, sig_id 3
* suppress gen_id 122, sig_id 19
* suppress gen_id 122, sig_id 27

These lines are not working, so I had to disable the preprocessor within snort.conf.

Any help would be great!

Thanks...

Ron Jenkins (MCNE, CNE6, MCP, CCNA, CCEA)
Senior Architect
Data Integrity, LLC
"We Integrate People with Solutions"
1724 Dallas Drive Suite 11
Baton Rouge, La 70806
Office. 225.927.8030
Fax. 225.927.8033
Cell. 225.931.1632
Email. rjenkins () dibr net
Web. www.dibr.net