snort-users May 2009 archive

[Snort-users] alert suppression

From: Jefferson, Shawn <Shawn.Jefferson_at_nospam>
Date: Tue May 05 2009 - 22:25:38 GMT
To: "" <>


I want to suppress some alerts I've been getting, specifically the tag: tagged packet. I've tried putting "suppress gen_id 2, sig_id 1" in the threshold.conf file, but this doesn't seem to be working. Is there a better way to suppress this alert? Especially if there is a method that is better performance-wise. I've looked around in the documentation and didn't see anything specific to the tag: tagged packet alert.

Also, the new dcerpc2 preprocessor is pretty noisy in my environment, creating quite a few alerts each day. Can anyone share any tuning advice for this?

