Snort mailing list archives
RE: IDS Policy Manager trouble
From: "Jeff Dell" <jdell () activeworx com>
Date: Mon, 9 Jan 2006 11:52:22 -0500
This has actually been reported by a few people. So, I believe you that you haven't been drinking this morning. Maybe I had a few when the code was written though. This problem is something that we have yet been able to generate in our lab, but we are still working on it. If you could send any additional details to idspm () activeworx org on when this might be happening it will better help resolve this issue. Thanks! Jeff _____ From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Larry Wichman Sent: Monday, January 09, 2006 10:17 AM To: Snorty S Snortman Subject: [Snort-users] IDS Policy Manager trouble I have the latest version of IDS Policy Manager. It seems like evert once in a while, signatures that I have turned off, turn them selves back on. Itsounds weird, but it always seems to be the same signatures too. For instance, sig id 2001848, I turn it off, push the policy, restart Snort and I do not notice it for a couple of days. All of a sudden, this signature is triggering all kinds of FPs. If I open up the rule file for that sig, it is not commented out. I open the policy and it is unchecked and if I exit and save, it shows up as "updated". Now, I know some of you may be thinking that I have already have had a couple of beers this morning ;) but I have been messing around with this for a while and I know I have unchecked that signature, pushed the policy and restarted Snort, only to see that sig re-enabled with out my input. Please!! Someone tell me I am not the only one and someone else has seen this before.
Current thread:
- IDS Policy Manager trouble Larry Wichman (Jan 09)
- RE: IDS Policy Manager trouble Jeff Dell (Jan 09)