In your violation config, set actions=email,log,trap

Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> On Oct 29, 2015, at 16:40, mourik jan heupink <[email protected]> wrote:
>
> Hi Louis,
>
> That helped. I was now able to set the violation. However, it seems to
> have 'expired' immediately. I created a "merit - defaults - to isolation
> lan" violation, set it to my own host, and it shows like this:
>
>> merit - defaults - to isolation lan 2015-10-29 21:37:40 2015-10-29 21:37:40
>
> Release date is the same date/time as the Start date.
>
> When searching the host based on violation starts with "merit", I get
> zero results. So it seems to have expired already.
>
> This is my violation:
>
>> [1500002]
>> priority=4
>> trigger=
>> actions=email,log
>> max_enable=3
>> desc=merit - defaults - to isolation lan
>> enabled=Y
>> template=generic
>> auto_enable=N
>> delay_by=0s
>> vlan=isolation
>> grace=120m
>> whitelisted_categories=
>> button_text=Enable Network
>
> Is there something wrong with my violation?
>
> MJ
>
> On 10/29/2015 03:29 PM, Louis Munro wrote:
>> I believe you are missing the “window” option to your defaults:
>>
>> Add it to the violations.conf like this
>>
>> [defaults]
>> window=0
>> …
>>
>> and then try a pfcmd configreload hard.
>>
>> Your violation inherits from those defaults, so the missing value
>> prevents it from being inserted in the database.
>>
>> Regards,
>> --
>> Louis Munro
>> [email protected] :: www.inverse.ca
>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu)
>> and PacketFence (www.packetfence.org)
>>
>>> On Oct 29, 2015, at 5:11, mourik jan heupink <[email protected]> wrote:
>>>
>>> Here is violations.conf:
>>>
>>> [defaults]
>>> priority=4
>>> max_enable=3
>>> actions=email,log
>>> auto_enable=Y
>>> enabled=N
>>> grace=120m
>>> delay_by=0s
>>> button_text=Enable Network
>>> snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-worm.rules
>>> # vlan: The vlan parameter allows you to define in what vlan a node with a violation will be put in.
>>> # Accepted values are the vlan names: isolation, normal, registration, macDetection, inline, voice
>>> # and all the roles names you defined in the node_category table. (see switches.conf)
>>> vlan=isolation
>>> # if you add a role/category here, nodes in these roles/categories will be immune to the violation
>>> whitelisted_categories=
>>> template=generic
>>> trigger=
>>> desc=defaults

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
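
A small linter for the two pitfalls raised in this thread, added here as an illustration and not part of the original messages or of PacketFence: it resolves each violation against [defaults] and flags a missing window= default and an enabled violation that sets vlan= without the trap action. The function name lint_violations and the sample file are constructed, and treating trap as required for an isolating violation is an assumption taken from the reply at the top of the thread.

```python
import configparser

# Constructed sample modelled on the two files quoted in the thread
# (snort_rules and comments omitted; "window" is deliberately absent).
SAMPLE = """
[defaults]
priority=4
actions=email,log
auto_enable=Y
enabled=N
grace=120m
vlan=isolation
trigger=
desc=defaults

[1500002]
priority=4
trigger=
actions=email,log
desc=merit - defaults - to isolation lan
enabled=Y
vlan=isolation
grace=120m
"""

def lint_violations(text):
    """Return (section, message) findings for the two pitfalls in the thread."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    defaults = dict(cp["defaults"]) if cp.has_section("defaults") else {}
    findings = []
    if "window" not in defaults:
        findings.append(("defaults", "no window= value to inherit"))
    for name in cp.sections():
        if name == "defaults":
            continue
        eff = {**defaults, **dict(cp[name])}   # violation overrides defaults
        if eff.get("enabled", "N").upper() != "Y":
            continue
        actions = {a.strip() for a in eff.get("actions", "").split(",") if a.strip()}
        # Assumption drawn from the reply: an isolating violation needs trap.
        if eff.get("vlan") and "trap" not in actions:
            findings.append((name, "vlan=%s set but actions has no trap" % eff["vlan"]))
    return findings

if __name__ == "__main__":
    for section, msg in lint_violations(SAMPLE):
        print("[%s] %s" % (section, msg))
```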
