Netgate Discussion Forum

Snort event filter

pfSense Packages
    HiTekRedNek
    last edited by May 2, 2012, 2:20 AM

    Snort 2.9.1 pkg v. 2.1.1  pfSense 2.0.1

    I'm getting flooded by alerts when running updates on my Linux box.

    Description
    ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management  1:2013504:2

    I am trying to filter these events to only flag me once. When I read the manual and looked at the examples under the suppress tab, I figured this command could work.

    event_filter gen_id 1, sig_id 2013504, type limit, track by_src, count 1, seconds 120
    

    I restarted the snort service but when I ran the update check from the Linux box and checked the alerts tab, I am still getting flooded by these warnings.

    Is my command syntax correct?
