SNORT and ignoring hosts

Posted on 2004-11-21
Last Modified: 2010-04-22
Can't quit figure out how to ignore a single computer.

I have a computer which continuously gets following alert.  It is because it
is making lots of SNMP requests which is what it is suppose to do.  How do I
get snort to ignore a single host like this or just ignore this particular

thanks terry

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/21-03:37:59.626234 ->
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF
Len: 90]]]]
Question by:techbnjcomp
    LVL 38

    Expert Comment


       Did you try:
    # snort <args> not \( host <ip> \)


    LVL 1

    Author Comment

    I tried

    snort -D -c ..\etc\snort.conf   not host

    but that did not seem to work
    LVL 14

    Accepted Solution

    The easiest way is to either modify the rule in question or write an "override" rule.

    And the easiest way to maintain such local rules is with oinkmaster ( The docs talk about how to write such rules too.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now