Snort 2.8.4.1 pkg v. 1.5 Categories Disable Rules after update
-
Does anyone have the same experience on Snort 2.8.4.1 pkg v. 1.5 in disabling rules?
As I am not very good at explaining such cases, these are my steps:
For example:
I go to Snort "Categories" and select "emergency-scan.rules", then disable one of the rules (SID "2002992" ET SCAN Rapid POP3 Connections - Possible Brute Force Attack) and click "Apply Changes". Then I run an "Update Rules" and go back to this "emergency-scan.rules" interface, and the "SID" rule I last disabled has become activated again.
Isn't it supposed to stay as disabled?
DavC
-
DavC
Yes, every time you make rule changes they are reset if you do a rule update.
I'm working on a solution right now. This is very important to me too.
I want to have this fixed in the next 2 days.
James
-
James,
Many thanks for looking after this issue.
Look forward to hearing the good news from you.
Best Regards,
DavC
-
James…
I'm still seeing double error notifications. Any idea why?
-
They're not error messages, just Snort statistics and general info.
I'm going to disable logging to system logs on start-up by editing the Snort source code.
James