Netgate Discussion Forum

    Snort Subscriber Implementation

      beachbum2021

      Hey y'all,

      I have set the IPS to "Resolve Flowbits" and IPS Policy "Security" because I do not want to manage the enabling of individual rulesets. "IPS Policy Mode" is set to Policy rather than Alert. I've seen little to no Alerts in the past three days and that's on all Interfaces LAN/OPT1. Is that normal?

      Starting rules update... Time: 2020-10-17 00:12:32
      Downloading Snort Subscriber rules md5 file snortrules-snapshot-29161.tar.gz.md5...
      Checking Snort Subscriber rules md5 file...
      Snort Subscriber rules are up to date.
      Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
      Checking Snort OpenAppID detectors md5 file...
      Snort OpenAppID detectors are up to date.
      Downloading Snort AppID Open Text Rules md5 file appid_rules.tar.gz.md5...
      Checking Snort AppID Open Text Rules md5 file...
      There is a new set of Snort AppID Open Text Rules posted.
      Downloading file 'appid_rules.tar.gz'...
      Done downloading rules file.
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Checking Emerging Threats Open rules md5 file...
      There is a new set of Emerging Threats Open rules posted.
      Downloading file 'emerging.rules.tar.gz'...
      Done downloading rules file.
      Extracting and installing Snort AppID Open Text Rules...
      Installation of Snort AppID Open Text Rules completed.
      Extracting and installing Emerging Threats Open rules...
      Installation of Emerging Threats Open rules completed.
      Copying new config and map files...
      Updating rules configuration for: LAN ...
      Updating rules configuration for: JUNKDEVICES ...
      Restarting Snort to activate the new set of rules...
      Snort has restarted with your new set of rules.
      The Rules update has finished. Time: 2020-10-17 00:13:26

        Impatient

        I have not seen a Snort rule alert since the Snort package was updated to take into consideration long interface names.
        I have gotten alerts for AppID but that is all.

        I just use the subscriber rules and AppID with the same configuration you have.

          beachbum2021 @Impatient

          @Impatient thank you for the feedback.
