Snort 2.8.4.1 pkg v. 1.5 Categories Disable Rules after update



  • Does anyone have the same experience on Snort 2.8.4.1 pkg v. 1.5 in disabling Rules?

    As I am not very good at explaining such cases, these are my steps:

    For example:
    I go to Snort "Categories" and select "emergency-scan.rules", then disable one of the rules (SID "2002992" ET SCAN Rapid POP3 Connections - Possible Brute Force Attack) and click "Apply Changes".

    Then I run an "Update Rules" and go back to this "emergency-scan.rules" interface, and the "SID" rule I last disabled has become activated again.

    Isn't it supposed to stay as disabled?

    DavC



  • DavC

    Yes, every time you make rule changes they are reset if you do a rule update.

    I am working on a solution right now. This is very important to me too.
    I want to have this fixed in the next 2 days.

    James



  • James,

    Many thanks for looking after this issue.

    Look forward to hearing the good news from you.

    Best Regards,

    DavC



  • James…

    I'm still seeing double error notifications. Any idea why?



  • They're not error messages, just Snort statistics and general info.
    I'm going to disable logging to system logs on start-up by editing the Snort source code.

    James

