From 61c68239183352ecb4abc8e89c117e87ac4d0d38 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Tue, 26 Feb 2002 16:51:50 +0000
Subject: logcheck: Temporarily ignore the worst noise from snort.

---
 logcheck/ignore.d.server/tmp      | 2 ++
 logcheck/violations.ignore.d/temp | 1 +
 2 files changed, 3 insertions(+)

diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 0acc93f..f4d5603 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -34,3 +34,5 @@ sshd\[.*\]: packet_set_maxsize: setting to 4096
 dhcpd-2.2.x: BOOTREQUEST from 00:20:6b:18:20:35
 dhcpd-2.2.x: No applicable record for BOOTP host 00:20:6b:18:20:35
 postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
+snort: spp_http_decode: IIS Unicode attack detected:
+snort: spp_portscan: portscan status from
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 52c886f..44128ce 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -16,3 +16,4 @@ pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 postfix/smtpd\[.*\]: reject: .*: 550 <.*>: User unknown; .*
 postfix/smtpd\[.*\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
 postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
+snort: spp_http_decode: IIS Unicode attack detected:
-- 
cgit v1.2.3