Event Action Filter not working

Unanswered Question
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
andrey.dugin Wed, 10/28/2009 - 02:42

Event action rules set is assigned to virtual sensor. If you have assigned event action rules set to one virtual sensor and another rules to another vs:

rules0 - vs0

rules1 - vs1

you must create filter on every rules set to substract some action on whole sensor.

andrey.dugin Wed, 10/28/2009 - 03:08

Sig 2004/0 ICMP Echo Request is disabled by default.

Did you activate the same action in signature action and substract action in the filter?

andrey.dugin Wed, 10/28/2009 - 06:34

OK, but, for example, if you activate action "produce verbose alert" in signature but check the action to substract "produce alert" or don't check any filters must not work.

Post the config fragments of signature and of filters here.


This Discussion