I'm getting flooded by alerts when running updates on my Linux box.

Description
ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management  1:2013504:2

I am trying to filter these event to only flag me once. When I read the manual and look at the examples under the suppress tab, I figured this command could work.

event_filter gen_id 1, sig_id 2013504, type limit, track by_src, count 1, seconds 120

I restarted the snort service but when I ran the update check from the Linux box and checked the alerts tab, I am still getting flooded by these warnings.

Is my command syntax correct?