Snort mailing list archives
Re: Thousands of alerts after upgrade
From: SnortFan <SnortFan () yahoo com>
Date: Sun, 26 Jan 2014 20:43:00 -0500
Hi Leo,

One quick way is to place a suppression for it in the threshold.conf file. Then restart snort. Search "snort suppression threshold.conf" in google.

Another is to be sure your rules are up to date. That sounds like one of those preprocessor rules.

Cheers,
Ed

Sent from a mobile device.
On Jan 23, 2014, at 6:13 PM, Leo <poldi () zudiewiener com> wrote:

Hi,

I've just upgraded to 2.9.5.6 (Build 208) on Ubuntu 13.10 and am now receiving thousands of alerts for

stream5: TCP Timestamp is missing

I'm using BASE to review data and when I click on the 'snort' hyperlink for that alert, I get to the snort site and am informed that this rule does not exist.

My questions are:
1) How can I turn this alert off
2) Why is this rule unknown

Thanks,
Leo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
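The suppression approach suggested in the reply, as an added example that is not part of the thread: this Python sketch tallies alerts by generator and signature ID from Snort "fast" alert lines and prints candidate `suppress` entries for threshold.conf. The sample lines, the threshold of 3 and the local rule 1:1000001 are constructed; 129:14 is the ID Snort 2.9's gen-msg.map gives for this stream5 message, so confirm it against the `[gid:sid:rev]` field in your own alerts.

```python
import re
from collections import Counter

# Constructed sample in Snort's fast-alert layout (not taken from the thread).
_TS = "stream5: TCP Timestamp is missing"
SAMPLE_ALERTS = (
    [f"01/23-18:13:0{i}.000000  [**] [129:14:1] {_TS} [**] "
     f"[Priority: 3] {{TCP}} 192.0.2.10:5000{i} -> 192.0.2.20:80"
     for i in range(5)]
    + [f"01/23-18:14:0{i}.000000  [**] [1:1000001:1] LOCAL example rule [**] "
       f"[Priority: 1] {{TCP}} 198.51.100.7:4000{i} -> 192.0.2.20:22"
       for i in range(6)]
    + ["this line is not an alert and must be ignored"]
)

# Captures gid, sid, rev and the message between the [**] markers.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

# gid 1 (text rules) and gid 3 (shared-object rules) are detection content;
# only preprocessor/decoder generators are proposed for suppression here.
RULE_GENERATORS = {1, 3}


def tally(lines):
    """Count alerts per (gid, sid) and remember the message for each pair."""
    counts, messages = Counter(), {}
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        counts[key] += 1
        messages[key] = m.group(4)
    return counts, messages


def suppress_lines(counts, messages, min_count=3):
    """Build threshold.conf suppress entries for noisy preprocessor alerts."""
    out = []
    for (gid, sid), n in counts.most_common():
        if gid in RULE_GENERATORS or n < min_count:
            continue
        out.append(f"# {n} alerts: {messages[(gid, sid)]}")
        out.append(f"suppress gen_id {gid}, sig_id {sid}")
    return out


if __name__ == "__main__":
    c, msgs = tally(SAMPLE_ALERTS)
    print("\n".join(suppress_lines(c, msgs)))
```

Review each proposed entry before adding it to threshold.conf, then restart Snort as described in the reply.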
Current thread:
- Thousands of alerts after upgrade Leo (Jan 26)
- Re: Thousands of alerts after upgrade SnortFan (Jan 26)
- Re: Thousands of alerts after upgrade SnortFan (Jan 31)