Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Problem with SID Management in Snort

    IDS/IPS
    2
    3
    112
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Simbad last edited by

      Has anyone ever encountered a problem using SID Management that some of the rules are not "properly" enabled?

      efa47645-aa79-4c7b-bc6a-07d0a45b3883-image.png

      I help myself through SID Management by turning on enablesid-sample.conf

      0acd3055-9703-4eb1-b4ca-0f4e978538b5-image.png

      with the following rules:

      What am I doing wrong?

      1 Reply Last reply Reply Quote 0
      • S
        Simbad last edited by

        1b8b413d-5d3d-4edd-a144-d769111e2e54-image.png
        cc6e40c4-e5b5-4159-ab08-8cd3d3de3e11-image.png
        b2e3190d-b9ba-427f-b60c-9657487fdd41-image.png
        1f65e427-c058-49ca-95a5-103b2ffd8aaf-image.png

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          I'm quite confused by the four different enablesid-sample.conf file screencaps you posted. Are those all in the same file, or did you actually post four different versions?

          The SID MGMT logic is not meant to work the way you are doing it. It is not designed to enable every single rule in every category. It's never been tested for that -- might work, or might not.

          Why are you doing this anyway? That most definitely is not the correct way to configure an IDS.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy