[Oisf-users] Questions on using Suppress

Anoop Saldanha anoopsaldanha at gmail.com
Thu Aug 22 12:26:07 UTC 2013


On Thu, Aug 22, 2013 at 12:42 AM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
> I have been trying to exclude certain source IP addresses from triggering
> alerts or drops. I read that there is a bug when performing global threshold
> functions such as Suppress. Maybe that can be explained to me better on when
> Suppress will work or not work.
>
> But when I use "suppress" in the threshold.config file and set up
> suricata.yaml, the suppression does not seem to work.
>
> What is the best way or proper way to have Suricata ignore a src IP?
>

Suppress should work fine.

What version of suricata are you using?  Can you post your suppress
setup, the rule that you are using, and also the traffic that you are
testing?

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------


