Snort mailing list archives
Re: preprocessor alert
From: Russ Combs <rcombs () sourcefire com>
Date: Wed, 4 Aug 2010 08:46:00 -0400
On Wed, Aug 4, 2010 at 8:04 AM, Jason Wallace <jason.r.wallace () gmail com> wrote:

> If you want to limit/suppress this alert for a single host or network, then take a look at your gen-msg.map. That will give you the GID and the SID of the preprocessor alert. You can use that information to create a threshold or suppression statement. If you do not want to ever see the alert for any host, look in preprocessor.rules and disable the rule.
>
> Wally
>
> On Wed, Aug 4, 2010 at 5:30 AM, ll <ibeginhere () gmail com> wrote:
>
>> Hi all,
>>
>> The preprocessor creates too many alerts, for example "stream5: Limit on number of overlapping TCP packets reached". Should I disable the stream5 preprocessor, or is there some way to disable these alerts? Which would be better? And if I want to disable some alerts created by the preprocessor when I know the preprocessor SID, how do I do that? I only know how to disable rules when I know the rule's SID.

And it *almost* goes without saying that you shouldn't disable stream5, because much of Snort's detection functionality requires that.
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
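The lookup-then-suppress procedure described in the thread, as an added example that is not part of the original messages: it parses gen-msg.map lines (`gid || sid || message`), finds the alert by its text, and builds the suppress and rate-limit statements. The sample map lines, the 192.0.2.0/24 network and all function names are constructed for illustration; read the real GID and SID from your own gen-msg.map.

```python
import ipaddress

# Constructed sample in gen-msg.map format: "gid || sid || message".
SAMPLE_GEN_MSG_MAP = """\
# GENERATORS -> msg map
129 || 1 || stream5: SYN on established session
129 || 7 || stream5: Limit on number of overlapping TCP packets reached
129 || 8 || stream5: Data sent on stream after TCP Reset
"""

def parse_gen_msg_map(text):
    """Return a list of (gid, sid, msg) tuples, skipping comments and junk."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||", 2)]
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            entries.append((int(parts[0]), int(parts[1]), parts[2]))
    return entries

def find_alert(entries, needle):
    """Find exactly one entry whose message contains needle (case-insensitive)."""
    hits = [e for e in entries if needle.lower() in e[2].lower()]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {needle!r}; refine the text")
    return hits[0]

def suppress_line(gid, sid, net=None, track="by_src"):
    """Suppress everywhere if net is None, else only for one host or network."""
    line = f"suppress gen_id {gid}, sig_id {sid}"
    if net is not None:
        if track not in ("by_src", "by_dst"):
            raise ValueError("track must be by_src or by_dst")
        net = ipaddress.ip_network(net, strict=False)  # rejects malformed input
        line += f", track {track}, ip {net}"
    return line

def limit_line(gid, sid, count=1, seconds=60, track="by_src"):
    """Rate-limit instead of hiding: log at most `count` alerts per interval.
    event_filter is the Snort 2.8.5+ spelling of a standalone threshold."""
    return (f"event_filter gen_id {gid}, sig_id {sid}, type limit, "
            f"track {track}, count {count}, seconds {seconds}")

if __name__ == "__main__":
    gid, sid, msg = find_alert(parse_gen_msg_map(SAMPLE_GEN_MSG_MAP), "overlapping TCP")
    print(f"# {msg}")
    print(suppress_line(gid, sid, "192.0.2.0/24"))
    print(limit_line(gid, sid))
```

The generated lines go in threshold.conf (or wherever your snort.conf includes its suppression statements); stream5 itself stays enabled, so only the alert output changes.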
Current thread:
- preprocessor alert ll (Aug 04)
- Re: preprocessor alert Jason Wallace (Aug 04)
- Re: preprocessor alert Russ Combs (Aug 04)
- Re: preprocessor alert Jason Wallace (Aug 04)