Snort mailing list archives

Re: suppressing alert...


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 23 Sep 2010 14:51:19 -0400

On 9/22/2010 22:38, Alex Tatistcheff wrote:
Bug or no bug, I get the same result.

thank you for your report ;)

for completeness, mine is

    ,,_     -*> Snort! <*-
   o"  )~   Version 2.8.6.1 (Build 39)
    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
            Copyright (C) 1998-2010 Sourcefire, Inc., et al.
            Using PCRE version: 7.8 2008-09-05


threshold.conf
suppress gen_id 1, sig_id 1, track by_src, ip 10.1.1.1
suppress gen_id 1, sig_id 1, track by_src, ip 10.1.1.2


snort output:
Sep 22 22:30:57 Snortbox snort[4750]: +-----------------------[suppression]------------------------------------------
Sep 22 22:30:57 Snortbox snort[4750]: | gen-id=1      sig-id=1      tracking=src-ip=<list>
Sep 22 22:30:57 Snortbox snort[4750]: | gen-id=1      sig-id=1      tracking=src-ip=<list>
Sep 22 22:30:57 Snortbox snort[4750]: -------------------------------------------------------------------------------

[root@Snortbox snort]# snort -V

    ,,_     -*> Snort! <*-
   o"  )~   Version 2.8.6 (Build 38) inline
    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
            Copyright (C) 1998-2010 Sourcefire, Inc., et al.
            Using PCRE version: 7.9 2009-04-11
            Using ZLIB version: 1.2.3


