Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
diabled IDS alert still alerting
« previous
next »
Print
Pages: [
1
]
Author
Topic: diabled IDS alert still alerting (Read 2211 times)
kc6785
Newbie
Posts: 5
Karma: 1
diabled IDS alert still alerting
«
on:
April 05, 2020, 08:26:46 pm »
Hi, forgive me for another newbee question.
I downloaded and enabled all the rulesets in the IDS with alert only, and am getting lots of alerts, but only from a few rules. So on the Alerts tab, I clicked on the Info icon on an alert, and unchecked the "Enabled" box in the pop-up Alert Info window. So this Alert should be disabled now. I reclicked the "info" icon and reopened the Info window to confirm.
But even after I restarted the service, or restarted the opnsense box, the same alert is still coming.
What did I miss? How to really disable this alert or rule?
Thanks in advance for your help.
Logged
kc6785
Newbie
Posts: 5
Karma: 1
Re: diabled IDS alert still alerting
«
Reply #1 on:
April 08, 2020, 03:33:05 am »
I will add a little more detail to this problem.
For example, one of the Alert I just got again is "ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel". If I click the Info icon to the right of the alert instance, the Alert info window pops up. At the bottom of the window, Configured Action: Alert is selected, but Enabled is unchecked.
If I go to Rules, and find this rule 2022913, the Enabled check box to the right of this rule is also unchecked.
So you see, this rule is disabled, but the alerts are still coming for this rule.
Any one can help?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
diabled IDS alert still alerting