Snort mailing list archives
Re: (no subject)
From: Paul O'Brien via Snort-users <snort-users () lists snort org>
Date: Mon, 2 Oct 2017 11:21:21 -0400
The line in question is the only line I have added to threshold.conf pertaining to that sig id Thanks, Dan "Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6 Sent from my iPhone
On Oct 2, 2017, at 11:16 AM, Russ <rucombs () cisco com> wrote: That is saying there is already another one for that rule. Is there another event_filter for that rule in your conf? Or does that rule have an in-rule threshold? That also counts.On 10/2/17 10:35 AM, Paul O'Brien wrote: Could not create threshold - only one per sig_id=2002878. I only have one rule, the one in question, for sig Id 2002878. Thanks, Dan "Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6 Sent from my iPhoneOn Oct 2, 2017, at 9:15 AM, Russ <rucombs () cisco com> wrote: That looks OK. Please send the error you are seeing.On 9/30/17 6:13 PM, Paul O'Brien via Snort-users wrote: Why is this causing an error and keeping snort from starting? I want to suppress all errors under a 2 count per minute per ip event_filter gen_id 1, sig_id 2002878, type both, track by_src, count 2, seconds 60 Thanks, Dan "Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6 Sent from my iPhone _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: (no subject) Russ via Snort-users (Oct 02)
- Re: (no subject) Paul O'Brien via Snort-users (Oct 02)
- Re: (no subject) Russ via Snort-users (Oct 02)
- Re: (no subject) Paul O'Brien via Snort-users (Oct 02)
- Re: (no subject) Russ via Snort-users (Oct 02)
- Re: (no subject) Paul O'Brien via Snort-users (Oct 02)
- Re: (no subject) wkitty42 (Oct 02)
- Re: (no subject) Dan O'Brien via Snort-users (Oct 03)
- Re: (no subject) Russ via Snort-users (Oct 02)
- Re: (no subject) Paul O'Brien via Snort-users (Oct 02)
- <Possible follow-ups>
- (no subject) Việt Nam via Snort-users (Oct 06)
- (no subject) moha mahbob via Snort-users (Oct 13)
- (no subject) Matt Fontenot via Snort-users (Oct 24)
- Re: (no subject) Joel Esler (jesler) via Snort-users (Oct 24)
- (no subject) Tony Fernandez via Snort-users (Oct 27)
- (no subject) Tony Fernandez via Snort-users (Oct 29)