snort running to half stop many times a day
-
@patch
There is a rule to turn off snort can be normal. Might have to wait until the next update to enable this rule
-
@blackkep said in snort running to half stop many times a day:
There is a rule to turn off snort can be normal
And which one? Can you tell us too?
-
@fireodo After you update the rules also?
emerging-drop.rules
-
@blackkep said in snort running to half stop many times a day:
@fireodo After you update the rules also?
From time to time Snort exits on rules update (here) with signal 11 but it will continue running normally.
emerging-drop.rules
Thanks. (not enabled here)
-
@fireodo This bug has been around for a long time
-
@blackkep If you want an alternative for DROP, you can use pfBlocker and pick DROP from its feed list. Then create a regular firewall block rule via the feed set as Alias Native, or have it create the rule via Deny.
-
@steveits The DROP rule is still running?
-
@steveits pfblockerng DROP I see the original list
-
@blackkep said in snort running to half stop many times a day:
@steveits The DROP rule is still running?
Not sure I understand the question…if you are using pfBlocker you can disable the category in Snort. No need to scan twice.
-
@steveits It is very strange that snort has canceled the DROP rule and is still running
-
@blackkep Did you restart Snort in that interface to pick up the new settings? Check if multiple Snort processes are running and if so end them or restart your router.
-
@steveits
snort restarted, snort has only one
-
@blackkep And did you restart your router?
-
@steveits pfsense restart