Snort mailing list archives
Re: Snort Configurations
From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 24 Sep 2010 09:15:47 -0400
You don't happen to have config autogenerate_preprocessor_decoder_rules in your conf do you? On Thu, Sep 23, 2010 at 5:19 PM, Eoin Miller < eoin.miller () trojanedbinaries com> wrote:
Add this to your threshold.conf file: ---snip--- # Get rid of annoying http_inspect alerts suppress gen_id 119, sig_id 19 suppress gen_id 119, sig_id 16 suppress gen_id 119, sig_id 15 suppress gen_id 119, sig_id 14 suppress gen_id 119, sig_id 3 suppress gen_id 119, sig_id 2 suppress gen_id 119, sig_id 4 suppress gen_id 119, sig_id 7 ---snip--- Those are the ones we get rid of because they alert constantly. If this isn't working, then the location of the threshold.conf file you are editing is incorrect and it is not being read when snort is started up. -- Eoin ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort Configurations, (continued)
- Re: Snort Configurations Greg Lane (Sep 22)
- Re: Snort Configurations Alex Tatistcheff (Sep 22)
- Re: Snort Configurations Greg Lane (Sep 23)
- Re: Snort Configurations Joel Esler (Sep 23)
- Message not available
- Message not available
- Re: Snort Configurations Greg Lane (Sep 23)
- Re: Snort Configurations Joel Esler (Sep 23)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Snort Configurations Greg Lane (Sep 23)
- Re: Snort Configurations Joel Esler (Sep 23)
- Re: Snort Configurations Greg Lane (Sep 23)
- Re: Snort Configurations Eoin Miller (Sep 23)
- Re: Snort Configurations Russ Combs (Sep 24)
- Re: Snort Configurations Greg Lane (Sep 24)
- Re: Snort Configurations Greg Lane (Sep 22)
- Message not available
- Re: Snort Configurations Greg Lane (Sep 23)
- Re: Snort Configurations waldo kitty (Sep 23)
- Re: Snort Configurations waldo kitty (Sep 23)
- Re: Snort Configurations waldo kitty (Sep 23)