For Network IPS appliances, the integrated
SNORT system
identifies errors one error at a time. Because of this process flow,
you must troubleshoot and fix each error to successfully apply the
SNORT policy.
Errors
SNORT
errors occur when the integrated
system detects configuration contents or rules that it identifies
as invalid. In the Network IPS Local Management Interface and in the SiteProtector™ system, the
appliance displays a message that the policy failed to apply if you
submit settings with errors on the
SNORT Configuration or
the
SNORT Rules tab. The error message includes
information from SNORT to help fix the issue. For SNORT rule errors,
the message lists the SID and message string. The system reports the
policy failure as a significant event.
Tip: Use a syntax
checker on SNORT rules to help decrease the number of invalid rules.
Troubleshooting
Troubleshooting the integrated
SNORT system is an iterative process because it identifies one error
at a time. When the system detects an error, it fails to apply the
policy settings and reports the failure. You must troubleshoot the
error before you can successfully apply the policy settings. After
you fix the error, you must reapply the settings. If the system finds
no other errors in the configuration contents or in the rules, then
it reapplies the policy settings successfully. However, if the system
finds other errors, it repeats this process for each one.
Note: To
find the health status of the SNORT engine, go to .