Snort mailing list archives
Re: Suppress alerts
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 14 Oct 2005 19:06:09 -0500
On Fri, 2005-10-14 at 11:20 -0700, Peter Rodger wrote:
> [snort] (portscan) Open Port unclassified
> [snort] (portscan) UDP Portsweep unclassified
> [snort] (http_inspect) BARE BYTE UNICODE ENCODING
>
> Are generating too many alerts. I have attempted to suppress these
> alerts in my snort.conf file like the following:
>
> suppress gen_id 122, sig_id 27:
> suppress gen_id 122, sig_id 19:
> suppress gen_id 119, sig_id 4:
>
> But those alerts are still generating a lot as before. I do not know
> why these alerts can not be suppressed?

Did you notice Snort giving errors on startup? Remove the colon, that might help.

Regards,
Frank
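
An added example (not part of the original thread, and not Snort's own code): a small linter that checks the `suppress` lines of a snort.conf and flags the trailing colon discussed in the reply above. The grammar is assumed from the Snort 2.x manual, the optional IP part is narrowed to an IPv4 address or CIDR, and `lint_suppress` and the sample config are constructed for illustration.

```python
import re

# Grammar assumed from the Snort 2.x manual:
#   suppress gen_id <gid>, sig_id <sid>[, track <by_src|by_dst>, ip <addr[/mask]>]
SUPPRESS_RE = re.compile(
    r"suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
    r"(?:\s*,\s*track\s+(?:by_src|by_dst)\s*,\s*ip\s+"
    r"\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)?"
)

# Constructed sample: the three lines quoted in the thread, then corrected forms.
CONSTRUCTED_CONF = """\
# suppress noisy preprocessor alerts
suppress gen_id 122, sig_id 27:
suppress gen_id 122, sig_id 19:
suppress gen_id 119, sig_id 4:
suppress gen_id 122, sig_id 27
suppress gen_id 119, sig_id 4, track by_src, ip 10.1.1.0/24
"""

def lint_suppress(conf_text):
    """Check every suppress line in conf_text.

    Returns (valid, problems):
      valid    -- list of (gen_id, sig_id) pairs that match the grammar
      problems -- list of (line_number, line, hint) for lines that do not
    """
    valid, problems = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line or line.split()[0] != "suppress":
            continue                             # not a suppress directive
        match = SUPPRESS_RE.fullmatch(line)
        if match:
            valid.append((int(match.group(1)), int(match.group(2))))
        elif line[-1] in ":;":
            problems.append((lineno, line, "trailing '%s' is not part of the syntax" % line[-1]))
        else:
            problems.append((lineno, line, "does not match the suppress grammar"))
    return valid, problems

if __name__ == "__main__":
    ok, bad = lint_suppress(CONSTRUCTED_CONF)
    for lineno, line, hint in bad:
        print("line %d: %s  <-- %s" % (lineno, line, hint))
    print("accepted:", ok)
```
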