Request for additional logginf info

I have logging turned on for blocked items to see what the firewall is doing. These following entries were from this morning:
5/4/2009 10:48:10 AM Packet blocked by active defense (IDS) 89.202.157.201:80 192.168.1.102:49349 TCP
5/4/2009 10:48:04 AM Packet blocked by active defense (IDS) 89.202.157.201:80 192.168.1.102:49349 TCP
5/4/2009 10:44:24 AM Packet blocked by active defense (IDS) 89.202.157.203:80 192.168.1.102:49243 TCP
5/4/2009 10:35:03 AM Packet blocked by active defense (IDS) 89.202.157.209:80 192.168.1.102:49184 TCP

The 89.202.157.209 IP is ESET. It would be nice if you can indicate which IDS rule did the block. THere is no pattern to block like this (I see one or two a day) and turning the rules off one by one is no guarantee that I will find the one actually used.

How about more info so I can see what the FW is actually doing?

 

Continuing saga of firewall problems..

Yesterday the firewall began recording IDS blocks to my router? Here is a sample entry from today:
5/14/2009 10:00:36 AM Packet blocked by active defense (IDS) 192.168.1.102:49634 192.168.1.1:80 TCP

Never seen this one before and now I have over 100 of them! What is happening? I have made no changes to my system or ESS software.

Other sites have been randomly blocked by the IDS Module n the past and there is never any definitive reason given. How about expanding the info to include the IDS rule that created the block?

I requested more info already in a prior post here:
https://www.wilderssecurity.com/showthread.php?t=241251


Steve Ward
MVP Consumer Security 2005-2009