Hi Louis,

That helped. I was now able to set the violation. However, it seems to have 'expired' immediately.

I created a "merit - defaults - to isolation lan" violation, set it to my own host, and it shows like this:
> merit - defaults - to isolation lan 2015-10-29 21:37:40 2015-10-29 21:37:40

Release date is the same date/time as the Start date.

When searching the host based on violation starts with "merit", I get zero results. So it seems to have expired already.

This is my violation:

> [1500002]
> priority=4
> trigger=
> actions=email,log
> max_enable=3
> desc=merit - defaults - to isolation lan
> enabled=Y
> template=generic
> auto_enable=N
> delay_by=0s
> vlan=isolation
> grace=120m
> whitelisted_categories=
> button_text=Enable Network

Is there something wrong with my violation?

MJ

On 10/29/2015 03:29 PM, Louis Munro wrote:
> I believe you are missing the “window” option to your defaults:
>
> Add it to the violations.conf like this
>
> [defaults]
> window=0
> …
>
> and then try a pfcmd configreload hard.
>
> Your violation inherits from those defaults, so the missing value
> prevents it from being inserted in the database.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu)
> and PacketFence (www.packetfence.org)
>
>> On Oct 29, 2015, at 5:11 , mourik jan heupink <[email protected]> wrote:
>>
>> Here is violations.conf:
>>
>> [defaults]
>> priority=4
>> max_enable=3
>> actions=email,log
>> auto_enable=Y
>> enabled=N
>> grace=120m
>> delay_by=0s
>> button_text=Enable Network
>> snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-worm.rules
>> # vlan: The vlan parameter allows you to define in what vlan a node with a violation will be put in.
>> # Accepted values are the vlan names: isolation, normal, registration, macDetection, inline, voice
>> # and all the roles names you defined in the node_category table. (see switches.conf)
>> vlan=isolation
>> # if you add a role/category here, nodes in these roles/categories will be immune to the violation
>> whitelisted_categories=
>> template=generic
>> trigger=
>> desc=defaults
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
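
Added example, not part of the thread and not PacketFence code: a small Python check for the inheritance described in the reply above. It merges `[defaults]` into each violation section and reports required keys that are still missing. Treating only `window` as required is an assumption taken from the thread, and the sample config is constructed and abbreviated from the one quoted above.

```python
import configparser

# Constructed, abbreviated sample based on the violations.conf in the thread;
# [defaults] has no "window" key, as in the original report.
SAMPLE = """\
[defaults]
priority=4
max_enable=3
actions=email,log
auto_enable=Y
enabled=N
grace=120m
delay_by=0s
vlan=isolation

[1500002]
desc=merit - defaults - to isolation lan
enabled=Y
auto_enable=N
trigger=
"""

# Assumption: only the key named in the thread is treated as required.
REQUIRED = ("window",)

def load(text):
    """Parse violations.conf text, keeping [defaults] as an ordinary section."""
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(text)
    return cp

def effective(cp, vid):
    """Return {key: (value, origin)} for a violation after inheriting [defaults]."""
    merged = {}
    if cp.has_section("defaults"):
        merged.update({k: (v, "defaults") for k, v in cp["defaults"].items()})
    merged.update({k: (v, vid) for k, v in cp[vid].items()})
    return merged

def missing_keys(text, required=REQUIRED):
    """Map each violation id to the required keys it lacks after inheritance."""
    cp = load(text)
    report = {}
    for vid in (s for s in cp.sections() if s != "defaults"):
        absent = [k for k in required if k not in effective(cp, vid)]
        if absent:
            report[vid] = absent
    return report

if __name__ == "__main__":
    print(missing_keys(SAMPLE))
```
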
