Managing custom intrusion signatures

Note: Use custom signatures with caution because the Smoothwall Filter and Firewall can't verify custom signature integrity.

WARNING: If you delete custom signatures, the Smoothwall Filter and Firewall deletes all custom signatures. If there are detection or prevention policies that use custom signatures, the signatures are deleted from the policies.

Prerequisite

To use rulesets supplied by snort.org:

1. Register at snort.org.
2. Log on and click your email address.
3. Click Oinkcode.
4. Copy the code.

Procedure

1. On the SERVICES menu, under the Intrusion system submenu, click Signatures.
   • To upload a custom signature, under the Custom Signatures section, click Choose File and find the signatures file that you want and click Upload.
   • To turn on logging intrusion events in the syslog, under the Intrusion System section, select Use syslog for Intrusion logging.
   • To use rulesets supplied by snort.org and apply an Oinkcode, under the Sourcefire VRT Signatures section, in the Oink code box, paste the Oinkcode and click Update.
2. Click Save.