Hello,
Not directly related to 25.7.4, as it was already the same in previous versions.
I have no log, neither in Service -> Intrusion detection -> Log file, nor in Service -> Intrusion detection -> Alerts
In Service -> Intrusion detection
I have the "We strongly advise to use policies instead of single rule based changes to limit the size of the configuration. A list of all manual changes can be revised in the policy editor (available here)" at the top.
In Service -> Intrusion detection -> Administration,
I have IDS and IPS on (checked)
I have selected all 3 LAN interfaces (not WAN)
I have selected pattern match: Hyperscan
I have checked Enable syslog alerts with a daily rotation
In Service -> Intrusion detection -> Download,
I have selected all abuse.ch and ET open,
I have enabled it, then downloaded it
In Service -> Intrusion detection -> Rules,
I have about 107406 lines, but I can no longer access/view it; each time I click on that tab, the entire system stalls, almost freezes.
Right now, I clicked on it and the computer lags a lot! (The other computers seem to have no problem.)
It takes ages to move to another tab.
I have to close the browser tab and open a new one to get out of the loop.
In Service -> Intrusion detection -> User Define,
I have a bypass rule for my work computer
In Service -> Intrusion detection -> Alerts,
I have none (IDS has been running for about 15 days)
In Service -> Intrusion detection -> Schedules,
I have the standard rules update and reload,
I have a weekly trim and a monthly scrub
In Service -> Intrusion detection -> Policy,
I have 6 policies, each invoking its own set of rules
In Service -> Intrusion detection -> Log Files
I have only 1 line (since my last reset, 8 days ago):
- [100837] <Warning> -- flowbit 'ET.000webhostpost' is checked but not set. Checked in 2052143 and 0 other sigs
I don't think it's normal that I have no log whatsoever. What do you think?