From: Nerijus Krukauskas (nkrukauskasgmail.com)
Date: Fri Jul 17 2009 - 00:38:51 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2009-07-16, Hugo Leonardo Ferrer Rebello
<Hugo.Rebellot-systems.com.br> wrote:
> Could you help to understand gen_id and sig_id from suppress sintaxe ?
>
> I created the rules below, but it's not working.
>
> suppress gen_id 119, sig_id 16, track by_src, ip 10.58.xxx.xxx

http_inspect is NOT gen_id 1. From the doc/README.http_inspect: "HTTP
Inspect used generator ID 119 and 120."

RTFM! :) Oh, and
http://www.joelesler.net/finshake/The_Snort_Drinking_Game.html. :)

--
http://nk99.org/

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]