Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem with SID Management in Snort

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 275 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Simbad
      last edited by

      Has anyone ever encountered a problem using SID Management that some of the rules are not "properly" enabled?

      efa47645-aa79-4c7b-bc6a-07d0a45b3883-image.png

      I help myself through SID Management by turning on enablesid-sample.conf

      0acd3055-9703-4eb1-b4ca-0f4e978538b5-image.png

      with the following rules:

      What am I doing wrong?

      1 Reply Last reply Reply Quote 0
      • S
        Simbad
        last edited by

        1b8b413d-5d3d-4edd-a144-d769111e2e54-image.png
        cc6e40c4-e5b5-4159-ab08-8cd3d3de3e11-image.png
        b2e3190d-b9ba-427f-b60c-9657487fdd41-image.png
        1f65e427-c058-49ca-95a5-103b2ffd8aaf-image.png

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          I'm quite confused by the four different enablesid-sample.conf file screencaps you posted. Are those all in the same file, or did you actually post four different versions?

          The SID MGMT logic is not meant to work the way you are doing it. It is not designed to enable every single rule in every category. It's never been tested for that -- might work, or might not.

          Why are you doing this anyway? That most definitely is not the correct way to configure an IDS.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.