[Oisf-users] Questions on using Suppress

Leonard Jacobs ljacobs at netsecuris.com
Wed Aug 21 19:12:00 UTC 2013


I have been trying to exclude certain source IP addresses from triggering alerts or drops. I read that there is a bug when performing global threshold functions such as Suppress. Maybe that can be explained to me better on when Suppress will work or not work.
But when I use "suppress" in the threshold.config file and set up suricata.yaml, the suppression does not seem to work.
What is the best way or proper way to have Suricata ignore a src IP?
Thanks.

Leonard