IDS/IPS Restart / Reboot /Rule Change

karaman · August 31, 2020, 06:44:55 PM

Does the Suricata service have to restart or does the firewall have to be completely restarted?

I change rules and they don't work until I restart everything

karaman · September 01, 2020, 10:15:02 AM

No body an Idea?

Fright · September 01, 2020, 10:48:34 AM

can you please be a little more specific. what have you changed in the rule? what steps did you take?

karaman · September 01, 2020, 05:45:39 PM

I have set "ET SCAN Suspicious inbound to MSSQL port 1433" to Alarm only.
Butt the Suricata is still blocking. What must i make after change Rules / Rulesets.

Suricata doesnt use the new Rules.

I have already the Apply Button on Rules and also the Download and apply button.

Fright · September 01, 2020, 06:02:54 PM

"Apply" should be enough.
in suricata log shoud be strings -- rule reload starting and -- rule reload complete. after that changes starts working.

IDS/IPS Restart / Reboot /Rule Change

karaman

August 31, 2020, 06:44:55 PM

karaman

September 01, 2020, 10:15:02 AM #1

Fright

September 01, 2020, 10:48:34 AM #2

karaman

September 01, 2020, 05:45:39 PM #3

Fright

September 01, 2020, 06:02:54 PM #4