SNORT not blocking any alerts other than (http_inspect) alerts

  • Anyone had this issue before?

    Blocking is enabled, all preprocessors are selected and most emerging rules (freshly updated) are checked. Many alerts are generated, but Snort only blocks (http_inspect) alerts. All else seems to be running fine.

    I can't see any obvious stupidities on my side - any comments are welcome.

    I'm using 2.01.

  • Aren't these non-blocking alerts from whitelisted IPs?

  • I have none whitelisted. I tested it by enabling all emerging rules, thus all sorts of alerts pop up. However, only the (http_inspect) alerts are blocked.

    Blocking is enabled, along with all the preprocessors. Snort is running - I tried reinstalling, manually updating rules, rebooting. Also checked the system logs - all seems well. But no other alerts are blocked.

    I'm stumped. What am I doing wrong?
