EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Friday 27 December 2024, 11:26:21 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Get the new Updates directly from Endian
HERE
14262
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
More Settings for Snort
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: More Settings for Snort (Read 16905 times)
theOtherDave
Jr. Member
Offline
Posts: 2
More Settings for Snort
«
on:
Friday 14 August 2015, 12:28:57 am »
Hello all,
Previous Untangle user recently come over to Endian. I have a question - I am trying out endian in three different spots on my network - total 25 or 30 devices (family of 5, computers, laptops, cel phones, smart TVs, Apple TVs, , Game consoles, etc etc.)
I am trying out the IPS section (I've run snort in a business context before) and while it's quite nice, mostly what I get out of it is an endless spew of "experimental tcp options found" - and I have to wade through an ocean of experimental tcp options to find anything else that really matters.
So, two options to either disable this or work around it:
1. can I disable the check that causes this ridiculous flood of junk? or,
2. Is there any way to configure the logging to only log IPS items that are worse than severity level 3?
Option 1 is preferred of course, but option 2 would at least help me get endian to shut up so I can see if there are any "real" problems.
Please let me know.
Logged
theOtherDave
Jr. Member
Offline
Posts: 2
Re: More Settings for Snort
«
Reply #1 on:
Friday 14 August 2015, 12:39:59 am »
A little search found me this note:
seclists.org/snort/2008/q3/20
Which states I can work past the problem by adding the following to snort.conf:
config disable_tcpopt_alerts
But, sadly, if I do this, and then reboot, endian removes this line from snort.conf - even though I put it above the "Do not edit past this line" warning.
Logged
boergnet
Full Member
Offline
Posts: 16
Re: More Settings for Snort
«
Reply #2 on:
Saturday 15 August 2015, 02:49:14 am »
Do not edit the '/etc/snort/snort.conf' directly as EFW creates this file from the template every time the proxy is started so your changes will be overwritten.
Edit /etc/snort/snort.conf.tmpl
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com