Snort 220.127.116.11 pkg v. 1.5 Categories Disable Rules after update
Does anyone have the same experience on Snort 18.104.22.168 pkg v. 1.5 in disabling rules?
As I am not very good at explaining such cases, these are my steps:
I go to Snort "Categories" and select "emergency-scan.rules", then disable one of the rules (SID "2002992" ET SCAN Rapid POP3 Connections - Possible Brute Force Attack) and click "Apply Changes".
Then I run an "Update Rules" and go back to this "emergency-scan.rules" interface, and the "SID" rule I last disabled has become activated again.
Isn't it supposed to stay as disabled?
Yes, every time you make rule changes they are reset if you do a rule update.
I'm working on a solution right now. This is very important to me too.
I want to have this fixed in the next 2 days.
Many thanks for looking after this issue.
Look forward to hearing the good news from you.
I'm still seeing double error notifications. Any idea why?
They're not error messages, just Snort statistics and general info.
I'm going to disable logging to system logs on start-up by editing the Snort source code.