ClearFoundation Tracker - ClearOS | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000127 | ClearOS | app-intrusion-detection - Intrusion Detection | public | 2010-08-23 08:47 | 2013-02-01 15:19 |
| Reporter | timb80 | ||||
| Assigned To | user2 | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | suspended | ||
| Platform | OS | OS Version | |||
| Product Version | 5.2 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0000127: Intrusion detection reports shows entries from previous year | ||||
| Description | The intrusion detection report is not 'year friendly'. It shows entries which occured last August, this was apparent after attempting to locate an attacking IP from this months summary report, and it was specified with a forward date of 25th August. Today is the 23rd. With a bit of investigation is appears the logs are stored in /var/webconfig/reports/snort/ under monthly numbered folders. By inspecting the file /var/webconfig/reports/snort/08/25/details.gz it was apparent that the IP was present but presumably from last year (2009) Please can we prevent these old entries from appearing or flush them? [root@starlane ~]# ls -la /var/webconfig/reports/snort/08/25/details.gz -rw-r--r-- 1 root root 488 Aug 25 2009 /var/webconfig/reports/snort/08/25/details.gz | ||||
| Steps To Reproduce | |||||
| Additional Information | Another useful addition - would be the ability to hide local known WAN/LAN IP addresses from the attackers / victim list. They tend to obscur the data and these could(?) be whitelisted from the reports | ||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2010-08-23 08:47 | timb80 | New Issue | |||
| 2010-08-23 09:00 | timb80 | Note Added: 0000216 | |||
| 2010-08-24 18:45 | user2 | Status | new => assigned | ||
| 2010-08-24 18:45 | user2 | Assigned To | => user2 | ||
| 2011-02-08 15:30 | user2 | Category | Reports - Intrusion Detection => app-intrusion-detection - Snort | ||
| 2013-02-01 15:18 | user2 | Status | assigned => resolved | ||
| 2013-02-01 15:18 | user2 | Resolution | open => suspended | ||
| 2013-02-01 15:19 | user2 | Status | resolved => closed | ||
| Notes | |||||
|
|
|||||
|
|
||||