Snort mailing list archives

Previous By Date Next
Previous By Thread Next

suppress isn't suppressing (completely)

From: rreiner () fscinternet com (Richard Reiner)
Date: Fri, 23 Jul 2004 15:55:21 -0400
We have the following in threshold.conf:

# Suppress detection of ICMP Echo Request events ("ICMP PING" rule)
suppress gen_id 1, sig_id 384

Nevertheless, "ICMP PING" events continue to be logged, although at 
reduced frequency.  It appears that the suppress rule supporesses some, 
but not all.

We're logigng to mysql, in case that matters.

And the same thing happens with several other suppress rules on the 
same system.

Any thoughts?




-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: