Hi Yang,
Replies inline.
On Wed, Jun 24, 2015 at 10:32 PM, Yang Jae <rem...@gmail.com> wrote:
> Today I helped for IDS from Enabling all default Snort Rules post.
>
> sudo vi /etc/nsm/pulledpork/enablesid.conf
> add in the file => pcre:alert
> sudo /usr/bin/rule-update
> sudo service nsm restart
>
> So Snorby is more active than before.
>
> Thanks
You really don't want to do this long-term. The post where I
mentioned that was specifically related to enabling snort rules
temporarily. Long-term you should only run the rules necessary for
your environment.
> Anyway, I have a question.
>
> How can I exclude our IP so that Snorby does not alert for the company IP?
Have you considered using a BPF?
https://github.com/Security-Onion-Solutions/security-onion/wiki/BPF
--
Doug Burks