@jailbreaker: I have just put a PFSense firewall in at home and have setup snort rules everything appears to be running correctly however i cannot get snort to report alerts to the alert tab.  I have reinstalled snort a couple of times and had no success is someone able to point in the right direction to try and troubleshoot this? Thanks Jail Are you a new Snort user?  If so, when you say "have setup snort rules", can you provide some more details.  Did you go to the CATEGORIES tab and select either an IPS Policy or some rule categories?  Did you go to the RULES tab and verify that for the categories you selected, they actually contain one or more enabled rules?  I ask because some of the Snort VRT category files are actually empty these days as the VRT has shuffled their rules around into some new file names, but they left the old filenames there just empty to prevent errors on startup for legacy users. If you are a novice user of Snort, here is a thread on how to get it jump-started:  https://forum.pfsense.org/index.php?topic=61018.0 If you have done all the above already, or are an experienced Snort user, then ignore what I posted above and tell me what interfaces you run Snort on and whether or not you have tried nmap and some targeted scans at interfaces protected by Snort. Bill

I think stephenw10 has a good point, assuming its true that the current release pfsense although based on a BSD version not current, is supported via the pfsense staff.  I'd put the burden on the testers to show me that pfsense is not properly patched if that is their stance. Their logic works for closed source stuff like XP, but not opensource as much.

Diagnostics > Tables. Pick the alias name from the drop-down. Or look up the pfctl man page and check the section on table commands for the CLI way

Lightsquid is designed to be 'lite' so it generally doesn't go to extreme detail. It more for collecing stats. You can always look at the squid logs directly or use some other log analyzer. Not that i've tried that personally. Steve

Yes, MindfulCoyote is right, a "gold" or whatnot, subscription to ESF includes the paid support, online "cloud" backups, and a book. Seems I'm not the only one curious about the release of the bundle of paper for v 2.0. Alas, not everyone has the budget to "go commercial".  Some think that "commercial", is really the future direction of pfSense & ESF. Some prefer to run their own "cloud", say, for example, using FreeNAS or NAS4Free.

Ok, I found that I can enabled NAT Reflection and that solves my issue.

Yay!!!  ;D  That would be awesome and a huge help!!!  Selecting Everything in the Syslog categories adds a few Mbps of traffic to my Syslog server.  haha Thanks Jim.

@stephenw10: Yet it worked ok when you manually edited the syslog.conf file? Yes it worked. Thanks !! @stephenw10: Use the Shellcmd package to run a specific command at each boot. Thanks to point this out ! I will test this package in the next days for further tasks. Now we can close this thread  8)

I will try that later because I really can't now. Thanks for helping

If you didn't have the problems you encountered, I'd have been very worried.

Figured it out… it was something so basic as flushing dns on the pfsense box.  :-[

Try the "urlsnarf" package, it's run from the command line but you could output it to a log file.

Thanks :). subscribed to the mailing list.

Thanks BBcan177 I clear cache on Chrome and there is no 500 error.

Easily done.  ;) Steve

So you're booting from the CF card with a Nano image on it, yes? Two issues. Nano doesn't use the fstab to mount the filesystems. The Nano image disables DMA so disk access is slow. Fortunately others have been here before you.  :) Have read through this thread: https://forum.pfsense.org/index.php?topic=67823.0 Steve

That sort of restriction I would be looking for a connection issue, probably a duplex mismatch. Check the Status: Interfaces: page for errors. Steve

You're right.  Looks like it's rolling 500KB log files!  Thanks! @stephenw10: The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though. Looks like they're generated here in /etc/rc DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml` ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml` LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing" for logfile in $LOG_FILES; do if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then /usr/bin/touch /var/log/$logfile.log else if [ ! -f /var/log/$logfile.log ]; then if [ "$ENABLEFIFOLOG" -gt "0" ]; then # generate fifolog files /usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log else /usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log fi fi fi done There is a package for running a syslog server on the pfSense box you might also look at. Steve

Ah, I decided to go with a different board actually guys.. (I posted that earlier.) But I do intend on getting this board for myself. It's just such a beautiful board and would make such an amazing pfsense box that I want to give it a shot in my free time. :D But I will be broke for a while..