2

I couldn't care less about port scans and I like to have alerts emailed to me. Instead of seeing important alerts (losing a WAN line, catching malware, etc.) I'm getting tons and tons of "possible port scans." It's incredibly annoying and so far I cannot find any way to turn them off without turning off all alerts. Please tell me this is possible. Thanks!

DrZaiusApeLord
  • I ended up disabling the email alerts because of it sending too many emails. Could you post what categories are checked under the alert column on the Logs -> Categories page? I currently have Attacks and System Errors, and I think Attacks should be unchecked. – KJ-SRS Feb 23 '11 at 23:26
  • 1
    It looks like it's in the category "Intrusion Detection." If I shut that off I lose all my ID alerts. Oh well, maybe I'll just leave it on. It's a shame I can't just disable that one rule. – DrZaiusApeLord Feb 24 '11 at 14:37

3 Answers

1

Doesn't look like it's possible without disabling all IDS alerts.

DrZaiusApeLord
1

We have a SonicWall with OS v6.2 and I was able to navigate to Log > Settings and find the categories Attacks > Port Scan Probable & Attacks > Port Scan Possible and uncheck the Email setting for them.

mlhDev
0

I ran into this problem also, but mlhDev's tip did it for me. In a little more detail, the path to get there is: Log / settings / Security Services / Attacks / Port Scan Possible. Edit that rule and disable the email notifications.