Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort: Rules with flow:established won't trigger alerts?

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jackbenny
      last edited by

      Hi all,

      I've been struggling with getting Snort rules to trigger alerts. After 3 days of testing I finally manage to trigger alerts, but only after removing flow:established from all the rules… I've search Google for it and found that many people seems to have the very same problem. But sad enough, no solution was to be found.
      Has anyone here had the same problem?
      pfSense 2.0.1-RELEASE (amd64), Snort 2.9.1 pkg v. 2.1.1

      Have a nice day all!

      Cheers,
      Jack-Benny

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.