Snort mailing list archives
Re: Event Suppression between specific Source and Destination
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 14 Dec 2012 10:20:04 -0500
On Fri, Dec 14, 2012 at 11:04:23AM +0100, Guido Hungerbuehler wrote:
> Hi, I am running snort with alert-before-log configuration (it is necessary). How can I suppress a signature between two specific hosts? With the 'Event Suppression' configuration it is only possible to select either track by_src or track by_dst. The next question is: Why is this even like this for 'Event Suppression'? I already searched the mailing-list archive because I think this issue must have been discussed earlier, but I didn't find any information. Thanks for your help.
If you suppress it in one direction, then you won't see the alert. If you have bidirectional traffic that you want to suppress, you need to create two suppressions.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
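The following is an added example, not part of the original thread: a small model of how a pair of `suppress` entries behaves, showing that each entry tests only one side of the packet, so alerts involving third hosts are hidden as well. The sig_id, addresses, and alert tuples are constructed, and the parser assumes a single address or CIDR after `ip` (not a bracketed list).

```python
import ipaddress
import re

# Constructed suppress lines (Snort 2.x suppress syntax); the sig_id and
# addresses are made up for illustration.
CONF = """
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.0.2.10
suppress gen_id 1, sig_id 1000001, track by_dst, ip 192.0.2.10
"""

LINE = re.compile(
    r"suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
    r"(?:\s*,\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+))?\s*$")

def parse(conf):
    """Return (gen_id, sig_id, track, network) for each suppress line."""
    rules = []
    for raw in conf.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            gid, sid, track, ip = m.groups()
            net = ipaddress.ip_network(ip, strict=False) if ip else None
            rules.append((int(gid), int(sid), track, net))
    return rules

def suppressed(rules, gid, sid, src, dst):
    """True if any rule matches; each rule tests only ONE side of the packet."""
    for r_gid, r_sid, track, net in rules:
        if (r_gid, r_sid) != (gid, sid):
            continue
        if track is None:  # no track/ip given: suppressed for every host
            return True
        side = src if track == "by_src" else dst
        if ipaddress.ip_address(side) in net:
            return True
    return False

def surviving(rules, alerts):
    """Alerts (gid, sid, src, dst) that still fire after suppression."""
    return [a for a in alerts if not suppressed(rules, *a)]

# Constructed alerts: A=192.0.2.10, B=192.0.2.20, C=198.51.100.7
ALERTS = [
    (1, 1000001, "192.0.2.10", "192.0.2.20"),    # A -> B
    (1, 1000001, "192.0.2.20", "192.0.2.10"),    # B -> A
    (1, 1000001, "192.0.2.10", "198.51.100.7"),  # A -> C, hidden as well
    (1, 1000001, "198.51.100.7", "192.0.2.20"),  # C -> B, still alerts
]
```

Calling `surviving(parse(CONF), ALERTS)` leaves only the C -> B alert, which makes the visibility cost of host-wide suppression explicit before it goes into production.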