Hello guys,
I am currently running a fresh install of SFOS 18.0.1 MR-1-Build396. I am currently using the default LAN to WAN IPS policies setup.
However, when I go to the IPS log (Log Viewer), I never see any logs. I have tried to trigger it using nmap.
SSH-ing into the device and checking the logs, I only see:
1598093593.227072540 [14631/0xe513000003a8] [nsg_tcphold.c:308:process_event] Could not find session for key and unique_id.
1598093908.107065200 [14631/0x117a0000007a] [nsg_tcphold.c:308:process_event] Could not find session for key and unique_id.
1598096445.590395776 [14630/0xda760000172c] [nsg_tcphold.c:308:process_event] Could not find session for key and unique_id.
1598099022.820409391 [14630/0x0] [nsg_nse_policy.c:1350:__nsg_error] 172.1.1.128:42644 to 31.13.64.17:443: Error from nse: NSE:Handshake [0xba00057a;code:122;sub:5] Unknown session
1598099835.600416045 [14630/0xbfa900000224] [nsg_tcphold.c:308:process_event] Could not find session for key and unique_id.
1598105236.070411875 [14630/0xad8a00000c52] [nsg_tcphold.c:308:process_event] Could not find session for key and unique_id.
[Aug 22 16:17:11 :14629]:transmit_pkts_for_session:[S:7682.45231] Max retransmit limit hit, pkt len 140, dir 0, eof 0. Sending notification to Snort
1598108905.671561463 [14630/0x3834000001c2] [nsg.c:1157:parser_context_resp_begin_cb] Cannot parse response (no known request while in response).
-------------IPS Settings-------------
stream on
lowmem off
maxsesbytes 0
maxpkts 8
enable_appsignatures on
http_response_scan_limit 65535
search_method ac-bnfa
sip_preproc enabled
sip_ignore_call_channel enabled
inspect untrusted-content
-------------IPS Instances------------ (no cpus)
IPS CPU
And when using top I do see 4 snort processes (I have 4 cores).