Snort mailing list archives
Re: thresholding
From: Doug Nordwall <doug () pnl gov>
Date: Mon, 22 Sep 2003 14:38:13 -0700
sent off list, but snort version is 2.0.2 On Monday, September 22, 2003, at 02:19 PM, Chris Green wrote:
Doug Nordwall <doug () pnl gov> writes:I'm trying to suppress or threshold a particular rule with snort 2.0.2. I've read the README.thresholding over and am attempting the following rule is sid:483 (the cyberkit..i'm trying to squelch welchia a bit) I put in a line in snort.conf for rules in local-limits.rules the file itself says: suppress gen_id 1, sig_id 483That should work. Mind sending your output of snort -V and your snort.conf? -- Chris Green <cmg () sourcefire com> Chicken's thinkin'
Doug Nordwall doug () pnl gov pgp fingerprint: 3CC7 B302 CB87 BCF3 F080 DF9D 43DF A123 D9D3 074E ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- thresholding Doug Nordwall (Sep 22)
- Re: thresholding Chris Green (Sep 22)
- Re: thresholding Doug Nordwall (Sep 22)
- Re: thresholding Robert Vance Jr (Sep 22)
- Re: thresholding Doug Nordwall (Sep 22)
- Re[2]: thresholding Jyri Hovila (Sep 23)
- Re: Re[2]: thresholding Doug Nordwall (Sep 23)
- Re: Re[2]: thresholding Nordwall, Douglas J (Sep 24)
- Re: thresholding Doug Nordwall (Sep 22)
- Re: thresholding Chris Green (Sep 22)