My today's IPS log is included in the attachment.
But I only received the warning about this event:
2009:09:28-08:29:06 astaro1 snort[14297]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="WEB-MISC robots.txt access" group="211" srcip="67.218.116.162" dstip="192.168.0.90" proto="6" srcport="49065" dstport="80" sid="1852" class="access to a potentially vulnerable web application" priority="2" generator="1" msgid="0"
All other events and especially the FTP events (also see https://community.sophos.com/products/unified-threat-management/astaroorg/f/98/t/68482) didn't produce any alert notification; they aren't counted on the dashboard, too!
In order to avoid a flood of alerts I would also like to add a feature request: the admin should be given the ability to choose which types of alerts he wants to receive (e.g. snort, floods, portscans etc.)
Regards,
Bastian
Guest User!
You are not Sophos Staff.
