This has actually been reported by a few people. So, I believe you that you
haven't been drinking this morning. Maybe I had a few when the code was
written though. This problem is something that we have yet been able to
generate in our lab, but we are still working on it. If you could send any
additional details to idspm@activeworx.org on when this might be happening
it will better help resolve this issue.
Thanks!
Jeff
_____
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Larry Wichman
Sent: Monday, January 09, 2006 10:17 AM
To: Snorty S Snortman
Subject: [Snort-users] IDS Policy Manager trouble
I have the latest version of IDS Policy Manager. It seems like evert once in
a while, signatures that I have turned off, turn them selves back on.
Itsounds weird, but it always seems to be the same signatures too. For
instance, sig id 2001848, I turn it off, push the policy, restart Snort and
I do not notice it for a couple of days. All of a sudden, this signature is
triggering all kinds of FPs. If I open up the rule file for that sig, it is
not commented out. I open the policy and it is unchecked and if I exit and
save, it shows up as "updated". Now, I know some of you may be thinking that
I have already have had a couple of beers this morning ;) but I have been
messing around with this for a while and I know I have unchecked that
signature, pushed the policy and restarted Snort, only to see that sig
re-enabled with out my input. Please!! Someone tell me I am not the only one
and someone else has seen this before.
