Has anyone experienced any issues with IPS on UTM 9?
It looks like it is configured correctly and listening on my internal LAN, yet IPS never caught a single entry even simulating i.e ping -s 666 and IDSwakeup etc do not yield any response/acknowledgment/ IPS log entry.
The only IPS log entries are:
2012:09:05-10:33:05 ****** snort[5448]: Reload thread started, thread 0xa5c57b70 (5448)
2012:09:05-10:33:05 ****** snort[5448]: Checking PID path...
2012:09:05-10:33:05 ****** snort[5448]: PID path stat checked out ok, PID path set to /var/run/
2012:09:05-10:33:05 ****** snort[5448]: Writing PID "5448" to file "/var/run//snort_1.pid"
2012:09:05-10:33:05 ****** snort[5448]: Set gid to 800
2012:09:05-10:33:05 ****** snort[5448]: Set uid to 800
2012:09:05-10:33:05 ****** snort[5448]:
2012:09:05-10:33:05 ****** snort[5448]: --== Initialization Complete ==--
2012:09:05-10:33:05 ****** snort[5448]: Commencing packet processing (pid=5448)
2012:09:05-10:33:05 ****** snort[5448]: Decoding Raw IP4
Am I missing anything?
It looks like it is configured correctly and listening on my internal LAN, yet IPS never caught a single entry even simulating i.e ping -s 666 and IDSwakeup etc do not yield any response/acknowledgment/ IPS log entry.
The only IPS log entries are:
2012:09:05-10:33:05 ****** snort[5448]: Reload thread started, thread 0xa5c57b70 (5448)
2012:09:05-10:33:05 ****** snort[5448]: Checking PID path...
2012:09:05-10:33:05 ****** snort[5448]: PID path stat checked out ok, PID path set to /var/run/
2012:09:05-10:33:05 ****** snort[5448]: Writing PID "5448" to file "/var/run//snort_1.pid"
2012:09:05-10:33:05 ****** snort[5448]: Set gid to 800
2012:09:05-10:33:05 ****** snort[5448]: Set uid to 800
2012:09:05-10:33:05 ****** snort[5448]:
2012:09:05-10:33:05 ****** snort[5448]: --== Initialization Complete ==--
2012:09:05-10:33:05 ****** snort[5448]: Commencing packet processing (pid=5448)
2012:09:05-10:33:05 ****** snort[5448]: Decoding Raw IP4
Am I missing anything?