SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003560: Snort not logging all detected rules - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0003560Endian FirewallIntrusion Preventionpublic2011-03-27 01:252011-03-27 01:25
Reportergmar_87 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version2.4.1 
Target VersionFixed in Version 
Customer Importance
Customer Occurrences
Queue
Summary0003560: Snort not logging all detected rules
DescriptionThe following rules were being blocked by IDS, but not showing up in IDS logs or /var/log/snort/alert

2002994 ET SCAN Rapid IMAP Connections - Possible Brute Force Attack
2002995 ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack

These were the only rules that i needed to allow, so i don't know if other rules aren't being logged either.
Steps To Reproduce
Additional InformationIMAP mail server behind Endian firewall. Connections from external network were unsuccessful. Disabling IDS allowed IMAP connections from external network. I had to search through all rules and try allowing anything with "IMAP" until I found 2002994 & 2002995 to be the problem.

With a working log for these rules i wouldn't have to waste so much time.

Multiple notifications for allow rules may not be logging either...
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2011-03-27 01:25gmar_87New Issue

There are no notes attached to this issue.