Re: [Snort-users] Using suppress and syntax

Hi,

I'm doing this and it works:

suppress gen_id 1, sig_id 2009955, track by_dst, ip [172.16.1.120,172.16.1.121]

with Snort v.2.8.5.3

and I tested your suppress line and it worked for me as well (snort -T), no error message.

________________________________
From: Bill Pickens [mailto:wmpickens@gmail.com]
Sent: Wednesday, May 19, 2010 1:39 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Using suppress and syntax

Hello Everyone,

I want to suppress a rule for a number of servers.
Can I do that?
I tried this an it gives me a parsing error:
suppress gen_id 1, sig_id 469, track by_dst, ip [10.106.88.29,10.102.128.1,10.103.128.2,172.17.17.150]

Also,
What would be the proper syntax for the the last line show here:
var ENT_DNS_SERVERS [10.101.1.1,10.103.1.2,10.105.3.4]
var LOCAL_DNS_SERVERS [172.6.5.4,172.8.7.3,172.6.6.6]
var DNS_SERVERS [$ENT_DNS_SERVERS,$LOCAL_DNS_SERVERS] <--- is this correct? snort doesn't complain

Thanks
Bill

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• This message: [ Message body ]
• Next message: Russell Fulton: "[Snort-users] SF: Someone please update the gen-msg.map in rules tarball"
• Previous message: Bill Pickens: "[Snort-users] Using suppress and syntax"
• In reply to: Bill Pickens: "[Snort-users] Using suppress and syntax"
• Next in thread: Jason Wallace: "Re: [Snort-users] Using suppress and syntax"
• Reply: Jason Wallace: "Re: [Snort-users] Using suppress and syntax"
• Reply: Bill Pickens: "Re: [Snort-users] Using suppress and syntax"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]