[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: [Snort-users] threshold.conf questions
From: "Guillermo Calvo" <guillermocalvo () hyperdata ! biz>
Date: 2004-11-28 16:55:48
Message-ID: 20041128165555.EPVI20686.lakermmtao07.cox.net () Hyperdata
[Download RAW message or body]
Hi everyone
I have a couple questions related with threshold.conf
1 - Can I use snort.conf variables in threshold.conf ? I'm my test I
couldn't
2 - Can I suppress a rule for all src ip but just with a especific port,
how?
something like "suppress gen_id 1, sig_id 1394, track by_src, ip
0.0.0.0:6667 ?
Thanks in advance
Best Regards
Guillermo Calvo
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>Hi
everyone</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=489325118-27112004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>I have a
couple questions related with threshold.conf </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=489325118-27112004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>1 - Can I
use snort.conf variables in threshold.conf ? I'm my test I couldn't
</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>2 - Can I suppress a
rule for all src ip but just with a especific port,
how?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>something like
"suppress gen_id 1, sig_id <FONT face="Times New Roman">1394</FONT>, track
by_src, ip 0.0.0.0:6667 ?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=489325118-27112004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=489325118-27112004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>Thanks in
advance</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>Best
Regards</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=489325118-27112004>Guillermo
Calvo</SPAN></FONT></DIV></BODY></HTML>
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic