Morpheus

Technical Advisory: Reverting High-Volume Logging

If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events.

While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed.

Procedure to Restore Default Rule Policy

Follow these steps to deactivate the testing rules and return to the standard configuration:

  1. Modify Configuration:

    • Navigate to the Pulledpork\etc folder via File Explorer.

    • Right-click enablesid.conf and open it with Notepad.

    • Locate the line beginning with pcre:.

    • Comment out the line by adding a # at the start (e.g., # pcre:).

    • Save and exit.

  2. Clear Temporary Files:

    • Navigate to the Pulledpork\temp folder.

    • Delete the two files located in this directory.

    • Close File Explorer.

  3. Update Rule Set:

    • Open the Start Menu and locate and open the WinSnort folder.

    • Run the Rules Updater.
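The three manual steps above, scripted in PowerShell as an added example (this is not part of the original post and not WinIDS/WinSnort's own tooling). The Pulledpork root folder and the path to the Rules Updater are assumptions and shown as placeholders; the script backs up enablesid.conf before editing, only comments out lines that are not already commented, removes whatever files are in Pulledpork\temp, then runs the updater and verifies that no active pcre: line remains.

```powershell
# Added example: automate "revert high-volume logging" for a WinIDS/Pulledpork install.
# Both paths below are PLACEHOLDERS (assumptions); point them at your own install.
param(
    [string]$PulledporkRoot = 'C:\WinIDS\Pulledpork',       # placeholder: folder that contains etc\ and temp\
    [string]$RulesUpdater   = 'C:\WinIDS\RulesUpdater.cmd'  # placeholder: what the "Rules Updater" shortcut launches
)

$ErrorActionPreference = 'Stop'
$conf = Join-Path $PulledporkRoot 'etc\enablesid.conf'
$temp = Join-Path $PulledporkRoot 'temp'

if (-not (Test-Path $conf)) { throw "enablesid.conf not found at $conf" }
if (-not (Test-Path $temp)) { throw "temp folder not found at $temp" }

# Step 1: comment out every active line that begins with "pcre:".
# A timestamped backup keeps the testing policy recoverable if you ever need it again.
$backup = "$conf.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $conf -Destination $backup

$changed  = 0
$newLines = foreach ($line in (Get-Content -Path $conf)) {
    if ($line -match '^\s*pcre:') {   # already-commented lines start with '#', so they are skipped
        $changed++
        "# $line"
    } else {
        $line
    }
}

if ($changed -eq 0) {
    Write-Host "No active 'pcre:' line in $conf; nothing to comment out."
} else {
    Set-Content -Path $conf -Value $newLines -Encoding ASCII
    Write-Host "Commented out $changed 'pcre:' line(s) in $conf (backup: $backup)"
}

# Step 2: clear Pulledpork\temp (the post says two files live here; the script removes
# all files in the folder so a stale download cannot be reused on the next run).
$tempFiles = @(Get-ChildItem -Path $temp -File)
Write-Host "Removing $($tempFiles.Count) file(s) from $temp"
$tempFiles | Remove-Item -Force

# Step 3: run the Rules Updater so Pulledpork fetches rules under the default policy.
if (Test-Path $RulesUpdater) {
    & $RulesUpdater
} else {
    Write-Warning "Rules Updater not found at $RulesUpdater; launch it from the WinSnort Start Menu folder instead."
}

# Verification: confirm no uncommented pcre: line survived the edit.
$remaining = Select-String -Path $conf -Pattern '^\s*pcre:'
if ($remaining) {
    Write-Warning "Active pcre: line(s) still present in $conf:"
    $remaining | ForEach-Object { Write-Warning "  line $($_.LineNumber): $($_.Line)" }
} else {
    Write-Host "OK: enablesid.conf has no active pcre: lines."
}
```

Run it from an elevated PowerShell prompt if the WinIDS folders are under Program Files, and pass -PulledporkRoot and -RulesUpdater explicitly rather than editing the placeholders in place. Comparing the backup against the edited file (for example with Compare-Object on the two Get-Content results) is a quick way to confirm that the only change was the commented pcre: line.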

This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.
