Snort mailing list archives
RE: Multiple IP addresses or use of variables in threshold.conf using SUPPRESS
From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Mon, 14 Feb 2005 10:16:42 -0600
Also, is it possible to specify a track by_src and by_dst all using a single line? This means we have to create 32 lines to accommodate both track by_src and track by_dst. There's no way to specify track by both?

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 x327
Fax: (877) 262-7593
Web: http://www.appliedwatch.com

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Eric Hines
Sent: Monday, February 14, 2005 10:13 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Multiple IP addresses or use of variables in threshold.conf using SUPPRESS

I am having trouble specifying more than one IP in a suppress line in the threshold.conf. We've got to suppress 16 IP addresses and can't use a CIDR. Does anyone know if it's possible to

A) Specify a variable which contains a [ ] of multiple IPs
B) Specify more than one IP separated by commas in a single suppress line?

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 x327
Fax: (877) 262-7593
Web: http://www.appliedwatch.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
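The one-line-per-IP-per-direction layout described in the messages above can be generated rather than hand-written. This is an added example, not part of the thread or of Snort: the gen_id, sig_id and addresses are constructed placeholders, and it assumes the `ip` field of a suppress line accepts a CIDR block, merging hosts only where a block covers exactly the listed addresses.

```python
import ipaddress

def suppress_lines(ips, gen_id, sig_id, tracks=("by_src", "by_dst")):
    """Build threshold.conf suppress lines covering exactly the given hosts.

    Hosts are validated and de-duplicated, adjacent hosts are merged into
    the fewest CIDR blocks that contain no extra address, and one line is
    emitted per block per tracking direction.
    """
    # ip_address() raises ValueError on a malformed entry, so a typo in the
    # list fails here instead of producing a line Snort would reject.
    hosts = {ipaddress.ip_address(ip.strip()) for ip in ips}
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(str(h)) for h in hosts
    )
    lines = []
    for net in nets:
        # Write single hosts as a bare address, merged ranges as CIDR.
        target = str(net.network_address) if net.num_addresses == 1 else str(net)
        for track in tracks:
            lines.append(
                f"suppress gen_id {gen_id}, sig_id {sig_id}, "
                f"track {track}, ip {target}"
            )
    return lines

# Constructed sample input (documentation address range, placeholder IDs).
SAMPLE_IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.20", "192.0.2.11"]

if __name__ == "__main__":
    for line in suppress_lines(SAMPLE_IPS, gen_id=1, sig_id=1000001):
        print(line)
```

Sixteen hosts with no two adjacent still yield 32 lines; the saving only appears where some of the addresses form an aligned block.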
Current thread:
- Multiple IP addresses or use of variables in threshold.conf using SUPPRESS Eric Hines (Feb 14)
- RE: Multiple IP addresses or use of variables in threshold.conf using SUPPRESS Eric Hines (Feb 14)
- Re: Multiple IP addresses or use of variables in threshold.conf using SUPPRESS Alex Butcher, ISC/ISYS (Feb 15)