Only the Expert policy has more than 10 rules enabled, it seems the rule policy still need some tweaking, I know we’ve talked about this before when I was trying ips in v6.7.
I can’t test snort at all really until I can get snort running with Expert policy per my previous post.
May 23 11:34:03 server88 /sbin/e-smith/db[2666]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|connectivity
May 23 11:34:03 server88 /sbin/e-smith/db[2666]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|expert
May 23 11:34:23 server88 esmith::event[2669]: Rule Stats...
May 23 11:34:23 server88 esmith::event[2669]: #011New:-------27256
May 23 11:34:23 server88 esmith::event[2669]: #011Deleted:---0
May 23 11:34:23 server88 esmith::event[2669]: #011Enabled Rules:----20467
May 23 11:34:23 server88 esmith::event[2669]: #011Dropped Rules:----0
May 23 11:34:23 server88 esmith::event[2669]: #011Disabled Rules:---6789
May 23 11:34:23 server88 esmith::event[2669]: #011Total Rules:------27256
May 23 11:56:45 server88 /sbin/e-smith/db[3246]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|expert
May 23 11:56:45 server88 /sbin/e-smith/db[3246]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|security
May 23 11:56:59 server88 esmith::event[3249]: Rule Stats...
May 23 11:56:59 server88 esmith::event[3249]: #011New:-------0
May 23 11:56:59 server88 esmith::event[3249]: #011Deleted:---0
May 23 11:56:59 server88 esmith::event[3249]: #011Enabled Rules:----8
May 23 11:56:59 server88 esmith::event[3249]: #011Dropped Rules:----906
May 23 11:56:59 server88 esmith::event[3249]: #011Disabled Rules:---26342
May 23 11:56:59 server88 esmith::event[3249]: #011Total Rules:------27256
May 23 12:10:50 server88 /sbin/e-smith/db[3878]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|security
May 23 12:10:50 server88 /sbin/e-smith/db[3878]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|balanced
May 23 12:11:03 server88 esmith::event[3881]: Rule Stats...
May 23 12:11:03 server88 esmith::event[3881]: #011New:-------0
May 23 12:11:03 server88 esmith::event[3881]: #011Deleted:---0
May 23 12:11:03 server88 esmith::event[3881]: #011Enabled Rules:----10
May 23 12:11:03 server88 esmith::event[3881]: #011Dropped Rules:----785
May 23 12:11:03 server88 esmith::event[3881]: #011Disabled Rules:---26461
May 23 12:11:03 server88 esmith::event[3881]: #011Total Rules:------27256
May 23 12:12:34 server88 /sbin/e-smith/db[4403]: /var/lib/nethserver/db/configuration: OLD pulledpork=configuration|Policy|balanced
May 23 12:12:34 server88 /sbin/e-smith/db[4403]: /var/lib/nethserver/db/configuration: NEW pulledpork=configuration|Policy|connectivity
May 23 12:12:47 server88 esmith::event[4406]: Rule Stats...
May 23 12:12:47 server88 esmith::event[4406]: #011New:-------0
May 23 12:12:47 server88 esmith::event[4406]: #011Deleted:---0
May 23 12:12:47 server88 esmith::event[4406]: #011Enabled Rules:----2
May 23 12:12:47 server88 esmith::event[4406]: #011Dropped Rules:----8
May 23 12:12:47 server88 esmith::event[4406]: #011Disabled Rules:---27246
May 23 12:12:47 server88 esmith::event[4406]: #011Total Rules:------27256