SNORT not blocking any alerts other than (http_inspect) alerts
-
Anyone had this issue before?
Blocking is enabled, all preprocessors are selected and most emerging rules (freshly updated) are checked. Many alerts are generated, but Snort only blocks (http_inspect) alerts. All else seems to be running fine.
I can't see any obvious stupidities on my side - any comments are welcome.
I'm using 2.01.
-
Aren't these non-blocking alerts from whitelisted IPs?
-
I have none whitelisted. I tested it by enabling all emerging rules, thus all sorts of alerts pop up. However, only the (http_inspect) alerts are blocked.
Blocking is enabled, along with all the preprocessors. Snort is running - I tried reinstalling, manually updating rules, rebooting. Also, checked the system logs - all seem well. But no other alerts are blocked.
I'm stumped. What am I doing wrong?