Snort mailing list archives
Re: Suppressing Source Messages from $HOME_NET
From: "Steve Brown" <Steve.Brown () ddpky com>
Date: Mon, 17 Oct 2005 16:12:32 -0400
What is the synthax or way to suppress all source addresses within $HOME_NET and/or a range of addresses within the same suppress statement? I have $HOME_NET set to "var HOME_NET [x.x.x.1,x.x.x.255]" and "var EXTERNAL_NET !$HOME_NET." I've tried the following without luck: suppress gen_id 1, sig_id 1387, track by_src, ip $HOME_NET suppress gen_id 1, sig_id 1387, track by_src, ip [x.x.x.1,x.x.x.255] suppress gen_id 1, sig_id 1387, track by_src, ip $INTERNAL Note: The $INTERNAL variable was a custom variable I created with the same address range as $HOME_NET. It was created in the snort.conf file. Steve Brown Systems Analyst Delta Dental Plan of Kentucky (502) 736-4646 Steve.Brown () ddpky com
Current thread:
- Re: Suppressing Source Messages from $HOME_NET Steve Brown (Nov 01)