
0002667: IDS is not starting if after disable an enable it again - MantisBT
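ID: 0002667
Project: Endian Firewall
Category: GUI
View Status: public
Date Submitted: 2010-02-11 12:36
Last Update: 2011-02-22 09:53
Reporter: aender
Assigned To: peter-endian
Priority: normal
Severity: major
Reproducibility: always
Status: confirmed
Resolution: open
Product Version: 2.3
Target Version: future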
0002667: IDS is not starting if after disable an enable it again
The first time we start IPS/Snort it is started and shows correctly on the dashboard with status ON.

Now we disable Snort and it is stopped and shows a correct status OFF on the dashboard.

Now we enable Snort once again. We don't see whether it starts or not. Also the status on the dashboard still shows OFF. Pressing the save and restart button doesn't change anything.

Also, after re-enabling Snort, the "Automatically fetch SNORT rules" is disabled.

If we enable "Automatically fetch SNORT rules" and do a "save and restart", the GUI shows a message that snort would be starting.

Now the status at dashboard is ON.

So I think there would be something wrong within the scripts for starting snort.
Tags: purple
Issue History
2010-02-11 12:36 | aender | New Issue
2010-02-16 11:30 | luca-endian | Tag Attached: purple
2010-03-04 23:00 | peter-endian | Note Added: 0003935
2010-03-04 23:00 | peter-endian | Status: new => confirmed
2010-03-04 23:00 | peter-endian | Target Version: => future
2010-03-26 11:41 | ra-endian | Target Version: future => 2.3.1
2010-06-07 13:46 | peter-endian | Target Version: 2.3.1 => future
2010-07-18 13:19 | lightningbit | Note Added: 0004628
2011-02-02 09:12 | lorenzo-endian | Customer Occurencies: => 0
2011-02-02 09:12 | lorenzo-endian | Assigned To: => peter-endian
2011-02-18 16:31 | ra-endian | Assigned To: peter-endian => lorenzo-endian
2011-02-18 16:31 | ra-endian | Status: confirmed => new
2011-02-22 09:53 | lorenzo-endian | Note Added: 0005737
2011-02-22 09:53 | lorenzo-endian | Assigned To: lorenzo-endian => peter-endian
2011-02-22 09:53 | lorenzo-endian | Status: new => confirmed

Notes
(0003935) peter-endian 2010-03-04 23:00
well seems to have multiple issues :/

1) if snort is enabled for the first time and there are no rules installed, it will not start and says nothing

2) "update rules now" does not cause snort to start, it must be started manually after the download is completed.

3) after some restarts, something unchecks "download rules automatically". If there are no manually uploaded rules, this causes snort not to start due to no rules

4) after some restarts snort remains unmonitored, which causes the dashboard to show that IPS is off

5) when snort was running and it is disabled, restartsnort will be called automatically, which is fine. Re-enabling it afterwards does not start restartsnort automatically, but only saves the configuration. The user then needs to "save and restart". We need an apply-message here.

6) When that save-and-restart is done after disabling and re-enabling, restartsnort will nevertheless not be called, because in that case no configuration has been changed (it was already saved by re-enabling it).
A change (for example changing the update interval) followed by save-and-restart really restarts.
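
The sequence from notes 5) and 6) replayed against a simplified model, as an added example that is not part of the original note and not Endian's code; every name in it (SnortPage, toggle, save_and_restart, the reconcile flag) and the sample interval values are hypothetical. It contrasts restarting only when the submitted settings differ from the saved ones with also comparing the saved enabled flag against the observed process state.

```python
# Simplified model of the behaviour described in notes 5) and 6).
# All class and method names are hypothetical; this is not Endian's code.

class SnortPage:
    def __init__(self, reconcile):
        self.reconcile = reconcile      # False: restart only when settings changed
        self.saved = {"enabled": False, "interval": "daily"}  # constructed values
        self.running = False            # observed state of the snort process

    def restartsnort(self):
        # Stand-in for the restart script: bring the process in line with config.
        self.running = self.saved["enabled"]

    def toggle(self, enabled):
        # Note 5): the on/off switch saves immediately, but only the
        # disable path calls restartsnort automatically.
        self.saved["enabled"] = enabled
        if not enabled:
            self.restartsnort()

    def save_and_restart(self, form):
        changed = form != self.saved
        self.saved = dict(form)
        # Note 6): with nothing changed, the change-only policy skips the restart.
        # The reconciling policy also compares desired state with observed state.
        drifted = self.saved["enabled"] != self.running
        if changed or (self.reconcile and drifted):
            self.restartsnort()
            return True
        return False


def replay(reconcile):
    """Replay the reported sequence; return (restart_called, running)."""
    page = SnortPage(reconcile)
    page.save_and_restart({"enabled": True, "interval": "daily"})  # first start
    page.toggle(False)                                             # disable
    page.toggle(True)                                              # re-enable
    called = page.save_and_restart(dict(page.saved))               # no changes
    return called, page.running


if __name__ == "__main__":
    print("change-only policy:", replay(reconcile=False))
    print("reconciling policy:", replay(reconcile=True))
```

Under the change-only policy the IDS stays stopped while its configuration says enabled, which is the state the dashboard reports as OFF in the issue description.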

(0004628) lightningbit 2010-07-18 13:19
more or less the same issues here (even just after the efw-update today)
only when efw is rebooted, the IDS shows started again

L.

(0005737) lorenzo-endian 2011-02-22 09:53
Hello everybody,

today, this is the state of the art:

1) solved
2) solved
3) this happens when snort is running, then it is disabled, then one moves to another page and then comes back to the snort page; in this case, the checkbox is not flagged anymore
4) cannot be tested now; I will do it asap
5) not solved
6) not solved

Cheers

Lo