IDS/IPS new settings

Started by hushcoden, August 01, 2020, 06:44:45 PM

I've just updated to 20.7 and noticed that in "Intrusion Detection" --> "Administration" there is the new setting 'Detecting Profile': no idea what the different options mean (default, low, medium, high, custom)  ???

What does default do?

Where can I find a simple document which explains the different settings?

Tia.


Thanks FullyBorked !

Another thing I've noticed is that the log looks different than when I had 20.1 & Suricata 4 (see attachment): does anybody know how to get in the log the same info (i.e. timestamp, info about each rule, etc.) I had before?

Tia.

Yeah, I implemented that new setting. It allows you to use more memory to group large sets of rules.

I noticed the same thing, it now shows stats log, so I disabled this to get back the normal log.

https://forum.opnsense.org/index.php?topic=18288.0


Quote from: mimugmail on August 04, 2020, 10:30:53 AM
This will be fixed in next version:
https://github.com/opnsense/core/commit/6dbd1d4abc9e64baa8f919c5bfb02ffc261512bb


You can also patch via CLI:
opnsense-patch 6dbd1d4

Thx, I would be more happy to disable stats.log, as it's writing to disk every 8 seconds.

Greetings,

As I have enough memory free, would it make sense to set the Detect Profile to custom and above 100?

High is stated with 75.

thanks
armin
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!