From: Peter B. <p....@go...> - 2010-05-14 14:47:22
Hello all...

--On 13 May 2010 11:52 -0400 Olivier Bilodeau <obi...@in...> wrote:

> The week before last week, I was digging in the trigger generation code
> and noticed a feature I've never used. It would seem that you can do
> something like this:
> trigger=Detect::70020001-70023229

from conf/violations.conf:

[2010348]
desc=Zeus
priority=2
auto_enable=Y
url=/content/index.php?template=trojan
disable=N
trigger=Detect::2010348,Detect::70020001-7003240
actions=trap,email,log

From packetfence.log:

May 14 15:11:34 pfdetect(0) INFO: alert received: 05/14-15:11:34.056359 [**] [1:7003230:0] Zeus [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.170.169.40:49166 -> 216.8.179.23:80 (main::)
May 14 15:11:34 pfdetect(0) INFO: pfdetect: violation 7003230 [Zeus]: 00:1c:b3:c6:96:59 (main::)

It doesn't write anything to violation.log or actually trigger a violation however. Am I missing something?

--
Peter Bates, Network Support & Development Officer
Goldsmiths, University of London
New Cross, London SE14 6NW.
Telephone: 020 7919 7082
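An added example, not part of the original message and not PacketFence's own code: a small checker that parses a `trigger=` line in the `Type::id` / `Type::start-end` form shown above and tests whether a given alert SID falls inside it. It assumes ranges are numeric and inclusive; the function names are hypothetical, and the sample values are copied from the message.

```python
import re

# Values copied from the violations.conf entry and the alert in the message.
TRIGGER_LINE = "trigger=Detect::2010348,Detect::70020001-7003240"
ALERT_SID = 7003230


def parse_trigger(line):
    """Return a list of (type, low, high) tuples from a trigger= line."""
    _, _, value = line.partition("=")
    entries = []
    for item in value.split(","):
        m = re.fullmatch(r"\s*(\w+)::(\d+)(?:-(\d+))?\s*", item)
        if not m:
            raise ValueError(f"unparseable trigger entry: {item!r}")
        low = int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        entries.append((m.group(1), low, high))
    return entries


def matches(entries, ttype, sid):
    """True if sid is inside any entry of this type (inclusive bounds assumed)."""
    return any(t == ttype and lo <= sid <= hi for t, lo, hi in entries)


def lint(entries):
    """Describe ranges that can never match because start > end."""
    return [f"{t}::{lo}-{hi} is empty (start > end)"
            for t, lo, hi in entries if lo > hi]


if __name__ == "__main__":
    entries = parse_trigger(TRIGGER_LINE)
    print("alert SID matched:", matches(entries, "Detect", ALERT_SID))
    for problem in lint(entries):
        print("warning:", problem)
```

Running the same check against every `trigger=` line in conf/violations.conf before reloading it shows which ranges cover the SIDs that pfdetect reports.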