Netgate Discussion Forum

    Snort: Blocking traffic on some SIDs but don't add an entry to the Alert Log

    IDS/IPS
    3 Posts 3 Posters 2.3k Views
      Vidmo

      Hi All,

      I've been using Snort for about a year and have a nice set of rules and suppressions applied.

      I'm using the Emerging Threats rules and my Alerts log is mostly filled with Poor Reputation alerts like "ET CINS Active Threat Intelligence Poor Reputation IP TCP group". I would like to no longer see those entries in the Alerts, but still continue to have Snort block them. Is this possible? I've read through the Snort FAQ on filters, but that does not seem to be quite what I'm looking for.

      Any ideas?

      TIA,
      Vidmo

        bmeeks

        @Vidmo:

        Hi All,

        I've been using Snort for about a year and have a nice set of rules and suppressions applied.

        I'm using the Emerging Threats rules and my Alerts log is mostly filled with Poor Reputation alerts like "ET CINS Active Threat Intelligence Poor Reputation IP TCP group". I would like to no longer see those entries in the Alerts, but still continue to have Snort block them. Is this possible? I've read through the Snort FAQ on filters, but that does not seem to be quite what I'm looking for.

        Any ideas?

        TIA,
        Vidmo

        No, it is not currently possible to filter out the alerts and still have them blocked.  You can filter the results shown on the ALERTS tab, but the actual alert text will still be in the log file, and you would have to manually reapply the filter each time you opened the ALERTS tab.

        Bill
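
The view-only filtering described in the reply above can also be done offline on a copy of the alert log, leaving the log file and Snort's blocking untouched. This is an added example, not code from the thread or from the Snort package; the CSV column order, the SIDs, the addresses and the second alert message are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Assumed column order for a CSV-format alert log (not taken from the thread).
FIELDS = ["timestamp", "gid", "sid", "rev", "msg", "proto",
          "src", "sport", "dst", "dport", "id", "classification", "priority"]

# Constructed sample lines: placeholder SIDs and documentation-range addresses.
SAMPLE_LOG = '''\
01/02/25-10:15:01.000001,1,9000001,1,"ET CINS Active Threat Intelligence Poor Reputation IP TCP group",TCP,192.0.2.10,40000,198.51.100.5,443,0,Misc Attack,2
01/02/25-10:15:07.000002,1,9000002,1,"EXAMPLE constructed alert, not a real rule",TCP,192.0.2.44,51515,198.51.100.5,22,0,Attempted Recon,2

01/02/25-10:16:30.000003,1,9000001,1,"ET CINS Active Threat Intelligence Poor Reputation IP TCP group",TCP,192.0.2.77,40100,198.51.100.5,443,0,Misc Attack,2
'''


def filter_alerts(log_text, hide_patterns):
    """Split alerts into rows to display and a per-SID count of hidden rows.

    Nothing is deleted: hidden alerts are still counted, so a sudden jump in
    a noisy rule stays visible even though its rows are not listed.
    """
    hide = [re.compile(p, re.IGNORECASE) for p in hide_patterns]
    shown, hidden = [], Counter()
    # csv.reader handles the quoted message field, which may contain commas.
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < len(FIELDS):
            continue  # skip blank or truncated lines
        alert = dict(zip(FIELDS, row))
        if any(p.search(alert["msg"]) for p in hide):
            hidden[alert["sid"]] += 1
        else:
            shown.append(alert)
    return shown, hidden


if __name__ == "__main__":
    shown, hidden = filter_alerts(SAMPLE_LOG, [r"^ET CINS "])
    for a in shown:
        print(a["timestamp"], a["sid"], a["msg"], a["src"], "->", a["dst"])
    for sid, count in hidden.items():
        print(f"hidden: sid {sid} x{count}")
```
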

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.