SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003560: Snort not logging all detected rules - MantisBT
MantisBT - Endian Firewall
View Issue Details
0003560Endian FirewallIntrusion Preventionpublic2011-03-27 01:252011-03-27 01:25
gmar_87 
 
normalmajoralways
newopen 
2.4.1 
 
0003560: Snort not logging all detected rules
The following rules were being blocked by IDS, but not showing up in IDS logs or /var/log/snort/alert

2002994 ET SCAN Rapid IMAP Connections - Possible Brute Force Attack
2002995 ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack

These were the only rules that i needed to allow, so i don't know if other rules aren't being logged either.
IMAP mail server behind Endian firewall. Connections from external network were unsuccessful. Disabling IDS allowed IMAP connections from external network. I had to search through all rules and try allowing anything with "IMAP" until I found 2002994 & 2002995 to be the problem.

With a working log for these rules i wouldn't have to waste so much time.

Multiple notifications for allow rules may not be logging either...
No tags attached.
Issue History
2011-03-27 01:25gmar_87New Issue

There are no notes attached to this issue.