Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort: Clear Pending Changes?

    IDS/IPS
    3
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Hi,

      If I have hit the Remove all changes to all categories button by accident on a particular interface, but not yet pressed Apply Changes, is there any way I can clear the pending removal?

      Regards,
      Rob.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Hmmm, like - go away from the page? Or that doesn't work?

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          There will be text file created in /var/run with an extension of ".dirty".  I don't recall the rest of the filename, but I suspect it will have "snort" in the name someplace.  Delete that.  Just do not delete any *.pid files!  The code uses the native function mark_subsystem_dirty() to flag changes.  Other native pfSense code checks files created by that function to see when to display the "apply changes" prompt.

          Of course a firewall reboot will also clear the message, but simply deleting the file will fix it without a reboot.

          Bill

          1 Reply Last reply Reply Quote 0
          • ?
            A Former User
            last edited by

            Brilliant, a firewall reboot dealt with it.  Navigating away did not remove the dirty file.  Might be useful if there were some sort of 'purge' facility available for handling unwanted pending changes.

            Regards,
            Rob.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post