Snort mailing list archives

Suppressing gen_id 116


From: snort user <snortuser2000 () yahoo com>
Date: Tue, 20 Jul 2004 10:33:48 -0700 (PDT)

I am running snort 2.1.3 and I am trying to suppress the
following snort_decoder alerts using the thresholding
functionality:

(snort_decoder) WARNING: Bad Token Ring MR Header!
(snort_decoder) WARNING: Bad Token Ring ETHLLC Header!
(snort_decoder) WARNING: Bad Token Ring MRLENHeader!

My threshold.conf file looks like this:

suppress gen_id 116, sig_id 141
suppress gen_id 116, sig_id 142
suppress gen_id 116, sig_id 143

I have 'include threshold.conf' in my snort.conf. 
When I load snort, not in daemon mode, I see the rules
load, but the events still get logged to my database. 
The only way I have been able to turn them off is to
set the following option in snort.conf:

config disable_decode_alerts

Can anyone tell me why suppression is not working for
me?  Is my gen_id wrong? sig_id?

TIA.



        
                