The suppress configuration has two forms:
suppress \
gen_id <gid>, sig_id <sid>
suppress \
gen_id <gid>, sig_id <sid>, \
track <by_src|by_dst>, ip <ip-list>
| Option | Description |
|---|---|
| gen_id <gid> | Specify the generator ID of an associated rule. gen_id 0, sig_id 0 can be used to specify a "global" threshold that applies to all rules. |
| sig_id <sid> | Specify the signature ID of an associated rule. sig_id 0 specifies a "global" filter because it applies to all sig_ids for the given gen_id. |
| track by_src|by_dst | Suppress by source IP address or destination IP address. This is optional, but if present, ip must be provided as well. |
| ip <list> |
Restrict the suppression to only source or destination IP addresses (indicated
by track parameter) determined by |
list
. If track is provided, ip
must be provided as well.