Snort mailing list archives
Re: snort 2.9.2 disable alerts for so_rules (p2p)
From: Jørgen Bøhnsdalen <Jorgen.Bohnsdalen () nhn no>
Date: Fri, 3 Feb 2012 08:12:00 +0000
This message contains a digitally signed email which can be read by opening the attachment.

Best regards,
Jørgen Bøhnsdalen
Security analyst at Nasjonal HelseCSIRT/HealthcareCSIRT
Norsk Helsenett
+47 7356 5883 | +47 468 23 721
www.nhn.no
On 2/2/2012 20:14, Joel Esler wrote:
If you comment the rule out in the stub file as JJ suggested, it should turn the rule off.

even if it specifically stated that the file is auto-generated and not to manually edit it?? if the above is true, then the header message really should reflect such ;)

What about suppressing the rule? Suppressing the rule in threshold.conf will disable alerts from the rule but not disable the rule itself.

    suppress gen_id 3, sig_id 7019
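Added example, not part of the original message or of Snort itself: a small Python audit helper that reads suppress entries in the threshold.conf form quoted above and reports whether an alert for a given generator/signature ID would be silenced. The sample file content, the second rule ID and the IP addresses are constructed for illustration; the parser assumes one suppress entry per line with an optional single address or CIDR after "track by_src|by_dst, ip", and does not handle bracketed IP lists.

```python
import ipaddress
import re

# Constructed sample; only "suppress gen_id 3, sig_id 7019" comes from the thread.
SAMPLE_CONF = """\
# so_rule alert silenced, rule itself is still loaded and evaluated
suppress gen_id 3, sig_id 7019
suppress gen_id 1, sig_id 2000001, track by_src, ip 10.0.0.0/8
#suppress gen_id 3, sig_id 9999
"""

SUPPRESS_RE = re.compile(
    r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
    r"(?:\s*,\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+))?\s*$"
)


def parse_suppressions(text):
    """Return (gid, sid, track, network) tuples for each active suppress line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # commented-out entries are inactive
        m = SUPPRESS_RE.match(line)
        if not m:
            continue
        gid, sid, track, ip = m.groups()
        net = ipaddress.ip_network(ip, strict=False) if ip else None
        entries.append((int(gid), int(sid), track, net))
    return entries


def is_suppressed(entries, gid, sid, src, dst):
    """True if an alert for gid:sid from src to dst would not be logged."""
    for e_gid, e_sid, track, net in entries:
        if (e_gid, e_sid) != (gid, sid):
            continue
        if track is None:
            return True  # unconditional suppression, as in the thread
        addr = ipaddress.ip_address(src if track == "by_src" else dst)
        if addr in net:
            return True
    return False


if __name__ == "__main__":
    rules = parse_suppressions(SAMPLE_CONF)
    for gid, sid in [(3, 7019), (3, 9999)]:
        state = "suppressed" if is_suppressed(rules, gid, sid, "192.0.2.5", "198.51.100.7") else "alerting"
        print(f"{gid}:{sid} {state}")
```

Running such a check against the deployed threshold.conf makes it easy to review which shared-object rules are still being evaluated but no longer produce alerts.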
Current thread:
- snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 02)
- Re: snort 2.9.2 disable alerts for so_rules (p2p) JJ Cummings (Feb 02)
- Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 02)
- Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 02)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 02)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Jørgen Bøhnsdalen (Feb 03)
 
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 03)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 03)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 03)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 03)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 03)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 03)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) JJ Cummings (Feb 04)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 04)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 04)
 
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 02)
 
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) JJ Cummings (Feb 02)
 - Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 03)
 
