SNORT problem
-
Hi,
I have changed by mistake SNORT settings in Alerts tab to show 3000 or 30000 and it is now refreshing to blank page so I cannot change it back to 300.
How can I change it back to show only 300 or so if the GUI interface of Alerts tab does not load.
pf 2.1, snort Installed: 2.9.4.6 pkg v. 2.6.0
Thanks,
-
Hi,
I have changed by mistake SNORT settings in Alerts tab to show 3000 or 30000 and it is now refreshing to blank page so I cannot change it back to 300.
How can I change it back to show only 300 or so if the GUI interface of Alerts tab does not load.
pf 2.1, snort Installed: 2.9.4.6 pkg v. 2.6.0
Thanks,
Well, first off that is an old version of Snort. The current package is 2.9.5.5 v3.0.3. I would suggest upgrading if possible. If not here is how to change the value back manually.
First, make sure you give it enough time to actually read 30,000 rows. That could take several minutes on a slow box. If you are satisfied that it actually won't come back to a displayed page, then you will need to manually edit the config.xml file to fix this.
Click Diagnostics…Edit File from the pfSense menu.
Browse to /conf and open the config.xml file in the editor window.
Scroll down near the bottom of the file and locate the section for <snortglobal></snortglobal>. In there are all the settings for Snort.
Find the element tag <alertnumber>30000</alertnumber>
Change the 30000 value to 250 and then save the change. That should put things back to the default.
Bill
