Re: Snort iplist alerts

["Joel Esler (jesler)" <jesler () cisco com>]

Useless in “I don’t know what they mean”?  Or Useless in “I don’t want to see them anymore”?

But to turn off the alerts, you have to comment out the preprocessor rules for the reputation preprocessor in 
preprocessor.rules



--
Joel Esler
Manager, Talos Group




On Dec 17, 2015, at 5:36 AM, Giuseppe Morici <giuseppe.morici () e-gate it<mailto:giuseppe.morici () e-gate it>> wrote:

Hello,
i need your support for understand if its possible and how to remove alert generated by spp_reputations .
just like : <image001.png>
or more important the packet whitelisted(that are more).

this generate a lot of useless Spam on the alert center (and a lot of useless email from my log system as well).

somebody know how can i remove the spp alert from snort?
tnx for your help.


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!