Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort 2.9.2.3 v. 2.5.1 - Rule selections not persisting after restart of snort

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sdb1031
      last edited by

      I just installed pfsense 2.0.1 (amd64) and added 2.9.2.3 pkg v. 2.5.1.  I'm only using the Emerging Threats rules and its not set for autoupdate.
      As a test, I've enabled all of the pre-processors and turned on a handful of categories.  To test out the functionality, I enabled GPL ICMP_INFO PING from the emerging-icmp_info.rules category which was originally disabled by default.  I can ping the external interface and the alerts are viewable as I'd expect.

      However, when a of the snort service occurred, I no longer saw alerts for this rule appearing.  I re-checked the rule and was surprised to see it disabled.  After re-enabling this rule and then restarting, I am able to trigger alerts again.  Is this expected? Are there any work arounds for this?  I'd like for my selections to persist after a restart of the service.

      Also, to the far right of each rule is a button to "edit rule" when I click on this, I can see the rules listing for the category open in a new window called " Advanced: File Editor". However, I don't see any way to save a change made to this file.  I only see the button for cancel.  Can this file be edited from the browser window?

      Thanks

      1 Reply Last reply Reply Quote 0
      • X
        xbaldx
        last edited by

        I am also wondering if and when this will be fixed.

        Thanks.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.