I believe you are missing the “window” option to your defaults: Add it to the violations.conf like this
[defaults] window=0 … and then try a pfcmd configreload hard. Your violation inherits from those defaults, so the missing value prevents it from being inserted in the database. Regards, -- Louis Munro [email protected] :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) > On Oct 29, 2015, at 5:11 , mourik jan heupink <[email protected]> wrote: > > Here is violations.conf: > > [defaults] > priority=4 > max_enable=3 > actions=email,log > auto_enable=Y > enabled=N > grace=120m > delay_by=0s > button_text=Enable Network > snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-worm.rules > # vlan: The vlan parameter allows you to define in what vlan a node with > a violation will be put in. > # Accepted values are the vlan names: isolation, normal, registration, > macDetection, inline, voice > # and all the roles names you defined in the node_category table. (see > switches.conf) > vlan=isolation > # if you add a role/category here, nodes in these roles/categories will > be immune to the violation > whitelisted_categories= > template=generic > trigger= > desc=defaults
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
