Snort mailing list archives
Re: How to disable a single Rule for some Hosts?
From: Erek Adams <erek () snort org>
Date: Tue, 18 Feb 2003 10:58:52 -0500 (EST)
On Tue, 18 Feb 2003, Christian Brem wrote:
I just got everything running, snort 1.9, mysql, acid and a windows based policy editor and ... im happy (just in case someone cares :) - and gratulations to developers - fine work!! (just in case you read this)
1.5 Million served and counting... ;-)
But I have a problem: I have to leave some rules to be active which generate false alarms for "trusted" Hosts (on different nets). Now I want to deactivate specific rules for this hosts? I was reading the manual - but didn't get the point (if there is one than it makes me really unhappy that I didn't get it :)
You have a few options: * Pass rules * BPF Filters * Change the Rule I'd say you'd want to use one of the first two. In fact, have a look at this email [0] on the subject. It may be of some help. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.theadamsfamily.net/~erek/snort/ignore.txt ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to disable a single Rule for some Hosts? Christian Brem (Feb 18)
- Re: How to disable a single Rule for some Hosts? Erek Adams (Feb 18)
- <Possible follow-ups>
- RE: How to disable a single Rule for some Hosts? McPheeters, Scott (Feb 18)