Yes!! That was the missing thing. Thanks!
On 10/30/2015 02:47 PM, Louis Munro wrote: > In your violation config, set > > actions=email,log,trap > > Regards, > -- > Louis Munro > [email protected] <mailto:[email protected]> :: www.inverse.ca > <http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > >> On Oct 29, 2015, at 16:40 , mourik jan heupink <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Louis, >> >> That helped. I was now able to set the violation. however, it seems to >> have 'expired' immediately. I created a "merit - defaults - to isolation >> lan" violation, set it to my own host, and it shows like this: >> >>> merit - defaults - to isolation lan 2015-10-29 21:37:40 2015-10-29 >>> 21:37:40 >> >> Release date is the same date/time as the Start date. >> >> When searching the host based on violation starts with "merit", I get >> zero results. So it seems to expired already. >> >> This is my violation: >> >>> [1500002] >>> priority=4 >>> trigger= >>> actions=email,log >>> max_enable=3 >>> desc=merit - defaults - to isolation lan >>> enabled=Y >>> template=generic >>> auto_enable=N >>> delay_by=0s >>> vlan=isolation >>> grace=120m >>> whitelisted_categories= >>> button_text=Enable Network >> >> Is there something wrong with my violation? >> >> MJ >> >> On 10/29/2015 03:29 PM, Louis Munro wrote: >>> I believe you are missing the “window” option to your defaults: >>> >>> Add it to the violations.conf like this >>> >>> [defaults] >>> window=0 >>> … >>> >>> and then try a pfcmd configreload hard. >>> >>> >>> Your violation inherits from those defaults, so the missing value >>> prevents it from being inserted in the database. >>> >>> Regards, >>> -- >>> Louis Munro >>> [email protected] <mailto:[email protected]> >>> <mailto:[email protected]> :: www.inverse.ca <http://www.inverse.ca> >>> <http://www.inverse.ca> >>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 >>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu> >>> <http://www.sogo.nu>) >>> and PacketFence (www.packetfence.org <http://www.packetfence.org> >>> <http://www.packetfence.org>) >>> >>>> On Oct 29, 2015, at 5:11 , mourik jan heupink <[email protected] >>>> <mailto:[email protected]> >>>> <mailto:[email protected]>> wrote: >>>> >>>> Here is violations.conf: >>>> >>>> [defaults] >>>> priority=4 >>>> max_enable=3 >>>> actions=email,log >>>> auto_enable=Y >>>> enabled=N >>>> grace=120m >>>> delay_by=0s >>>> button_text=Enable Network >>>> snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-worm.rules >>>> # vlan: The vlan parameter allows you to define in what vlan a node with >>>> a violation will be put in. >>>> # Accepted values are the vlan names: isolation, normal, registration, >>>> macDetection, inline, voice >>>> # and all the roles names you defined in the node_category table. (see >>>> switches.conf) >>>> vlan=isolation >>>> # if you add a role/category here, nodes in these roles/categories will >>>> be immune to the violation >>>> whitelisted_categories= >>>> template=generic >>>> trigger= >>>> desc=defaults >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
