RE: [Snort-users] Customizing snort rules

Hi Edin,

I have properly defined the HOME_NET and EXTERNAL_NET variables??
The rules that are getting triggered are SNMP rules.i.e. whenever our NMS
management server polls some devices,the rule triggers.
I want to be able to disable these triggers for some specific IP hosts. The
SNMP rule should not be disabled and continue to look for SNMP traffic.


Thanks and Regards

Simon



-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic@interActive-Systems.de]
Sent: Tuesday, April 06, 2004 3:15 PM
To: simonkc@netsol.co.in
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Customizing snort rules


Hi,

I don't _really_ get your problem: Have you properly defined your
HOME_NET and EXTERNAL_NET?

Could you please specify the rules that trigger?

Regards,
Edin

simonkc@netsol.co.in schrieb:
> Hi,
>
> Can anyone point me in the direction of any document explaining how to
> customize snort rules.
> I have a situation wherein the Snort IDS is alerting even for normal SNMP
> requests and traps. How do it disable these alerts for only specific SNMP
> management stations but keep the SNMP rule turned on??
>
> Thanks and Regards
>
> Simon
>

--
Edin Dizdarevic


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users