[Snort-users] Suppressing gen_id 116
I am running snort 2.1.3 and I am trying to suppress the following snort_decoder alerts using the thresholding functionality:

    (snort_decoder) WARNING: Bad Token Ring MR Header!
    (snort_decoder) WARNING: Bad Token Ring ETHLLC Header!
    (snort_decoder) WARNING: Bad Token Ring MRLENHeader!

My threshold.conf file looks like this:

    suppress gen_id 116, sig_id 141
    suppress gen_id 116, sig_id 142
    suppress gen_id 116, sig_id 143

I have 'include threshold.conf' in my snort.conf. When I load snort, not in daemon mode, I see the rules load, but the events still get logged to my database. The only way I have been able to turn them off is to set the following option in snort.conf:

    config disable_decode_alerts

Can anyone tell me why suppression is not working for me? Is my gen_id wrong? sig_id?

TIA.
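One way to settle the gen_id/sig_id part of the question above, as an added example that is not part of the original post: compare the `[gen:sig:rev]` triples Snort writes in its fast-alert output with the `suppress` entries in threshold.conf. The alert lines below are constructed sample input (the pairing of each message with an ID, and the 116:140 line, are assumptions), and the function names are hypothetical.

```python
import re

# "suppress gen_id G, sig_id S[, track by_src|by_dst, ip ADDR]"
SUPPRESS_RE = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)(.*)$")
# Fast-alert header: "[**] [gen:sig:rev] message [**]"
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

# threshold.conf as quoted in the post
SAMPLE_CONF = """\
suppress gen_id 116, sig_id 141
suppress gen_id 116, sig_id 142
suppress gen_id 116, sig_id 143
"""

# Constructed alert lines (IDs paired with messages by assumption)
SAMPLE_LOG = """\
[**] [116:141:1] (snort_decoder) WARNING: Bad Token Ring ETHLLC Header! [**]
[**] [116:142:1] (snort_decoder) WARNING: Bad Token Ring MRLENHeader! [**]
[**] [116:143:1] (snort_decoder) WARNING: Bad Token Ring MR Header! [**]
[**] [116:140:1] (snort_decoder) constructed event with no suppress entry [**]
"""

def parse_suppress(conf_text):
    """Return {(gen_id, sig_id): ip_scoped} for every suppress line."""
    entries = {}
    for line in conf_text.splitlines():
        m = SUPPRESS_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            # An entry with "track ..., ip ..." only applies to that address.
            entries[(int(m.group(1)), int(m.group(2)))] = "track" in m.group(3)
    return entries

def parse_alerts(log_text):
    """Return {(gen_id, sig_id): message} for every event seen in the log."""
    seen = {}
    for m in ALERT_RE.finditer(log_text):
        seen.setdefault((int(m.group(1)), int(m.group(2))), m.group(4))
    return seen

def audit(conf_text, log_text):
    """Split logged events into those a suppress entry names and those none names."""
    rules = parse_suppress(conf_text)
    covered, uncovered = {}, {}
    for key, msg in parse_alerts(log_text).items():
        (covered if key in rules else uncovered)[key] = msg
    return covered, uncovered

if __name__ == "__main__":
    covered, uncovered = audit(SAMPLE_CONF, SAMPLE_LOG)
    for (gen, sig), msg in sorted(covered.items()):
        print(f"{gen}:{sig} is named by a suppress entry but was still logged: {msg}")
    for (gen, sig), msg in sorted(uncovered.items()):
        print(f"{gen}:{sig} has no suppress entry: {msg}")
```

An event that lands in `covered` means the IDs in threshold.conf match what the sensor emits, so the suppress entry is not being applied to that event; one in `uncovered` means the configured IDs do not match.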