[Oisf-devel] Suricata 1.1beta3 and suppress (threshold.conf)

Peter Manev petermanev at gmail.com
Mon Oct 31 20:16:19 UTC 2011


On Mon, Oct 31, 2011 at 5:19 PM, <David.R.Wharton at regions.com> wrote:

> I updated to Suricata version 1.1beta3 (rev 30d84ab) from 1.1beta2 (rev
> bc5c9f4) and now my suppress statements in threshold.conf don't seem to be
> working as expected.  They seem to be loading OK:
>
> (util-threshold-config.c:878) <Info> (SCThresholdConfParseFile) --
> Threshold config parsed: 212 rule(s) found
> (util-threshold-config.c:191) <Info> (SCThresholdConfInitContext) --
> Global thresholding options defined
>
> Suppression was working before, but after updating, I'm seeing alerts on
> events that should be suppressed.  Anyone else getting this?
>
> Thanks.
>
> -David


Hi Dave,
1.1beta3 (rev 9549faa) - works fine for me (latest).
If you would like, we can take a closer look (privately).

There is a different approach also - you could use "pass" rules.

Thanks
-- 
Peter Manev