Sorry to be such a pain, but after setting it to zero, the violation didn't apply anymore, it simply disappeared after clicking Trigger.
Nothing in violation.log or packetfence.log. So... I cloned it to a new violation, set max_enable to 0, and I could apply it. But the result is still the same: Start and Release Date are both set to current date and time, and the violation is displayed light grey. Note this is all for an inline client. Other suggestions? On 10/29/2015 09:47 PM, Louis Munro wrote: > Hi Mourik, > Try setting max_enable to 0. > > Regards, > -- > Louis Munro > [email protected] <mailto:[email protected]> :: www.inverse.ca > <http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > >> On Oct 29, 2015, at 16:40 , mourik jan heupink <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Louis, >> >> That helped. I was now able to set the violation. however, it seems to >> have 'expired' immediately. I created a "merit - defaults - to isolation >> lan" violation, set it to my own host, and it shows like this: >> >>> merit - defaults - to isolation lan 2015-10-29 21:37:40 2015-10-29 >>> 21:37:40 >> >> Release date is the same date/time as the Start date. >> >> When searching the host based on violation starts with "merit", I get >> zero results. So it seems to expired already. >> >> This is my violation: >> >>> [1500002] >>> priority=4 >>> trigger= >>> actions=email,log >>> max_enable=3 >>> desc=merit - defaults - to isolation lan >>> enabled=Y >>> template=generic >>> auto_enable=N >>> delay_by=0s >>> vlan=isolation >>> grace=120m >>> whitelisted_categories= >>> button_text=Enable Network >> >> Is there something wrong with my violation? >> >> MJ >> >> On 10/29/2015 03:29 PM, Louis Munro wrote: >>> I believe you are missing the “window” option to your defaults: >>> >>> Add it to the violations.conf like this >>> >>> [defaults] >>> window=0 >>> … >>> >>> and then try a pfcmd configreload hard. >>> >>> >>> Your violation inherits from those defaults, so the missing value >>> prevents it from being inserted in the database. >>> >>> Regards, >>> -- >>> Louis Munro >>> [email protected] <mailto:[email protected]> >>> <mailto:[email protected]> :: www.inverse.ca <http://www.inverse.ca> >>> <http://www.inverse.ca> >>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 >>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu> >>> <http://www.sogo.nu>) >>> and PacketFence (www.packetfence.org <http://www.packetfence.org> >>> <http://www.packetfence.org>) >>> >>>> On Oct 29, 2015, at 5:11 , mourik jan heupink <[email protected] >>>> <mailto:[email protected]> >>>> <mailto:[email protected]>> wrote: >>>> >>>> Here is violations.conf: >>>> >>>> [defaults] >>>> priority=4 >>>> max_enable=3 >>>> actions=email,log >>>> auto_enable=Y >>>> enabled=N >>>> grace=120m >>>> delay_by=0s >>>> button_text=Enable Network >>>> snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-worm.rules >>>> # vlan: The vlan parameter allows you to define in what vlan a node with >>>> a violation will be put in. >>>> # Accepted values are the vlan names: isolation, normal, registration, >>>> macDetection, inline, voice >>>> # and all the roles names you defined in the node_category table. (see >>>> switches.conf) >>>> vlan=isolation >>>> # if you add a role/category here, nodes in these roles/categories will >>>> be immune to the violation >>>> whitelisted_categories= >>>> template=generic >>>> trigger= >>>> desc=defaults >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
