SearchForum Home   Forum  IDS Policy Mana...  IDS Policy Mana...  Disabling alerts   Previous   Next    11/6/2007 11:40 PM    paulr 21 posts Disabling alerts  Okay...I have some alerts I want to disable. I'm not seeing them in IDS PM and when I browse the snort.conf on the sensors it seems the related preprocessors are commented out. But we're getting hammered with alerts just the same: [snort] (snort_decoder): Experimental Tcp Options found unclassified 234934(49%) Take this annoying experimental TCP options alert...please take it...anyway.... I can't find where in the GUI I might disable this and near as I can tell all related preprocessors are disabled in snort.conf....yet it keeps reporting and stays at the top of the list. That and the encrypted Telnet which I'd like to disable: (ftp_telnet) Telnet traffic encrypted. Any hints on how to disable these in the PM would be appreciated. Thanks!  11/6/2007 11:58 PM    paulr 21 posts Re: Disabling alerts  Hmmm. Seemed too obvious to Google. But...I see from this thread I'm not the only one: http://www.snort.org/archive-3-186.html Having read that I found the options that need to be ENABLED in Config Options in the PM to stop the alerts. So, uh, nevermind. :-) I don't see the encrypted Telnet for sure but the TCP options will be a great help to reduce the alerts.  Page 1 of 1   Previous   Next     Forum  IDS Policy Mana...  IDS Policy Mana...  Disabling alerts