3. Snort 2.9.2.3 v. 2.5.1 - Rule selections not persisting after restart of snort

Snort 2.9.2.3 v. 2.5.1 - Rule selections not persisting after restart of snort

  • S

    I just installed pfsense 2.0.1 (amd64) and added 2.9.2.3 pkg v. 2.5.1.  I'm only using the Emerging Threats rules and its not set for autoupdate.
    As a test, I've enabled all of the pre-processors and turned on a handful of categories.  To test out the functionality, I enabled GPL ICMP_INFO PING from the emerging-icmp_info.rules category which was originally disabled by default.  I can ping the external interface and the alerts are viewable as I'd expect.

    However, when a of the snort service occurred, I no longer saw alerts for this rule appearing.  I re-checked the rule and was surprised to see it disabled.  After re-enabling this rule and then restarting, I am able to trigger alerts again.  Is this expected? Are there any work arounds for this?  I'd like for my selections to persist after a restart of the service.

    Also, to the far right of each rule is a button to "edit rule" when I click on this, I can see the rules listing for the category open in a new window called " Advanced: File Editor". However, I don't see any way to save a change made to this file.  I only see the button for cancel.  Can this file be edited from the browser window?

    Thanks

    0
  • X

    I am also wondering if and when this will be fixed.

    Thanks.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy