Snort mailing list archives
Re: Snort too verbose
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 14 Nov 2011 11:57:29 -0500
Place them in the threshold.conf that is referenced from your snort.conf

J

On Nov 14, 2011, at 11:36 AM, Rick Chisholm wrote:
Historically, I used threshold.conf - but apparently that is well deprecated now. It's the suppress event_filter I think I am interested in - but where do I use these rules?

On Mon, November 14, 2011 10:35 am, Joel Esler wrote:

On Nov 14, 2011, at 9:05 AM, Rick Chisholm wrote:

Since upgrading to 2.9.1.x I find I'm getting much more verbose alerting than previously. Of particular note is http_inspect and ssl_ssp - which I think are from certain preprocessors. What can I do to mute these?

Event_filter. Look into README.filters in the doc/ directory of the tarball.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

--
Rick Chisholm
Systems Administrator
Parallel42
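An added example, not part of the original thread: one way to decide which event_filter lines to place in the threshold.conf that snort.conf includes is to tally alert_fast output per generator and signature ID and emit a rate-limiting line for the noisy pairs. The sample alert lines, the gid:sid values in them, and the `min_hits` and `seconds` defaults are constructed assumptions; the `event_filter` line uses the syntax documented in README.filters.

```python
import re
from collections import Counter

# Constructed sample in Snort's alert_fast format (not taken from the thread).
SAMPLE_ALERTS = """\
11/14-09:01:10.100000  [**] [119:19:1] (http_inspect) EXAMPLE MESSAGE [**] [Priority: 3] {TCP} 10.0.0.5:51000 -> 192.0.2.10:80
11/14-09:01:11.200000  [**] [119:19:1] (http_inspect) EXAMPLE MESSAGE [**] [Priority: 3] {TCP} 10.0.0.5:51001 -> 192.0.2.10:80
11/14-09:01:12.300000  [**] [137:1:1] (spp_ssl) EXAMPLE MESSAGE [**] [Priority: 3] {TCP} 10.0.0.7:52000 -> 192.0.2.20:443
11/14-09:01:13.400000  [**] [119:19:1] (http_inspect) EXAMPLE MESSAGE [**] [Priority: 3] {TCP} 10.0.0.6:51002 -> 192.0.2.10:80
11/14-09:01:14.500000  [**] [137:1:1] (spp_ssl) EXAMPLE MESSAGE [**] [Priority: 3] {TCP} 10.0.0.7:52001 -> 192.0.2.20:443
11/14-09:01:15.600000  [**] [1:1000001:1] LOCAL constructed rule [**] [Priority: 1] {TCP} 10.0.0.9:53000 -> 192.0.2.30:22
11/14-09:01:16.700000  [**] [137:1:1] (spp_ssl) EXAMPLE MESSAGE [**] [Priority: 3] {TCP} 10.0.0.8:52002 -> 192.0.2.20:443
"""

# Matches the "[**] [gid:sid:rev] message [**]" part of an alert_fast line.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")


def count_alerts(text):
    """Return (Counter keyed by (gid, sid), first message seen per key)."""
    counts, msgs = Counter(), {}
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip lines that are not alert headers
        key = (int(m.group(1)), int(m.group(2)))
        counts[key] += 1
        msgs.setdefault(key, m.group(4))
    return counts, msgs


def filter_lines(text, min_hits=3, seconds=60):
    """Build threshold.conf lines for every gid:sid seen at least min_hits times."""
    counts, msgs = count_alerts(text)
    out = []
    for (gid, sid), n in sorted(counts.items()):
        if n >= min_hits:
            out.append(f"# {n} alerts: {msgs[(gid, sid)]}")
            out.append(f"event_filter gen_id {gid}, sig_id {sid}, "
                       f"type limit, track by_src, count 1, seconds {seconds}")
    return out


if __name__ == "__main__":
    print("\n".join(filter_lines(SAMPLE_ALERTS)))
```

Review each generated line before adding it: `type limit` still logs the first alert per source in each interval, whereas a `suppress` line for the same gid:sid would hide the event entirely.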