alert suppression

["Jefferson, Shawn" <Shawn.Jefferson () bcferries com>]

Hi,

I want to suppress some alerts I've been getting, specifically the tag: tagged packet.  I've tried putting "suppress 
gen_id 2, sig_id 1" in the threshold.conf file, but this doesn't seem to be working.  Is there a better way to suppress 
this alert?  Especially if there is a method that is better performance-wise.  I've looked around in the documentation 
and didn't see anything specific to the tag: tagged packet alert.

Also, the new dcerpc2 preprocesser is pretty noisy in my environment, creating quite a few alerts each day.  Can anyone 
share any tuning advice for this?

Thanks,
Shawn

------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users