Snort mailing list archives

Re: How to disable a single Rule for some Hosts?


From: Erek Adams <erek () snort org>
Date: Tue, 18 Feb 2003 10:58:52 -0500 (EST)

On Tue, 18 Feb 2003, Christian Brem wrote:

I just got everything running, snort 1.9, mysql, acid and a Windows-based
policy editor and

... I'm happy (just in case someone cares :) - and congratulations to
developers - fine work!! (just in case you read this)

1.5 Million served and counting...  ;-)

But I have a problem: I have to leave some rules to be active which generate
false alarms for "trusted" Hosts (on different nets).

Now I want to deactivate specific rules for these hosts? I was reading the
manual - but didn't get the point (if there is one then it makes me really
unhappy that I didn't get it :)

You have a few options:

        *  Pass rules
        *  BPF Filters
        *  Change the Rule

I'd say you'd want to use one of the first two.  In fact, have a look at
this email [0] on the subject.  It may be of some help.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/ignore.txt
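
Added example, not part of the original message or of the linked ignore.txt: the three options listed in the reply, written out as a Snort rules fragment. The addresses, the TRUSTED_HOSTS variable, the noisy rule and its sid are constructed placeholders; -o is the Snort 1.x switch that changes the rule order to pass, alert, log.

```conf
# Constructed sample: addresses, variable name, rule text and sid are
# placeholders, not values from the thread.
var TRUSTED_HOSTS [192.0.2.10/32,198.51.100.0/24]

# The rule that false-alarms on the trusted hosts (hypothetical).
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE noisy rule"; \
    content:"example"; sid:1000001; rev:1;)

# Option 1: pass rule.
# Same protocol, ports and content as the noisy rule, with the source
# narrowed to the trusted hosts. Only this one signature is silenced for
# them; every other rule still fires on their traffic.
# Pass rules are evaluated after alert rules by default, so Snort must be
# started with -o for this to take effect:
#   snort -o -c snort.conf
pass tcp $TRUSTED_HOSTS any -> $HOME_NET 80 (content:"example";)

# Option 2: BPF filter, given after the options on the command line
# (or in a file loaded with -F):
#   snort -c snort.conf 'not (host 192.0.2.10 or net 198.51.100.0/24)'
# Snort never sees packets matching the excluded hosts, so ALL rules are
# disabled for them, not just one. That leaves a blind spot if a trusted
# host is ever compromised.

# Option 3: change the rule.
# Use this line INSTEAD of the original alert rule above. The negated
# source excludes the trusted hosts from this signature only. Note that
# it also widens the source from $EXTERNAL_NET to "everything except the
# trusted hosts", and the edit has to be redone after each rule update.
# alert tcp !$TRUSTED_HOSTS any -> $HOME_NET 80 (msg:"EXAMPLE noisy rule"; \
#     content:"example"; sid:1000001; rev:2;)
```

Options 1 and 3 keep the rest of the ruleset active for the trusted hosts; option 2 is the cheapest in CPU terms but removes all visibility into them.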

