Snort 2.9.2.3 pkg 2.5.1 not generating any alerts or blocking
-
Hi, we've got the snort package installed and configured but it is not generating any alerts or doing any blocking. I've found some documentation on pfSense and snort (http://doc.pfsense.org/index.php/Setup_Snort_Package) and they all mention a 'Categories' tab which is used to enable/disable the detection rules. Funny thing is that this 'Categories' tab is not showing on my web interface (maybe a versioning problem with the documentation?). Anyway, snort does not seem to be working for us and we would appreciate any help.
Info:
pfSense 2.0.1 (i386) running over a Netgate ALIX 2D3/2D13 board
Snort 2.9.2.3 (package version 2.5.1)
Snort service is started and both WAN interfaces are enabled.
[2.0.1-RELEASE][root@fw.conceptnet.local]/root(36): ps -ax | grep -i snort
15479 ?? Ss 0:00.01 /usr/local/bin/snort -R 46948 -D -q -l /var/log/snort/snort_vr146948 --pid-path /var/run --nolock-pidfile -G 46948 -c /usr/local/etc/snort/snort_46948
17197 ?? Ss 0:00.11 /usr/local/bin/snort -R 34019 -D -q -l /var/log/snort/snort_vr234019 --pid-path /var/run --nolock-pidfile -G 34019 -c /usr/local/etc/snort/snort_34019
16998 0 S+ 0:00.01 grep -i snort
[2.0.1-RELEASE][root@fw.conceptnet.local]/root(37):
-
How dumb of me! I've just found the categories tab and after enabling the needed categories everything started working. My apologies for posting such a dumb problem.
-
Hi, how did you manage or download the snort rules? I go to updates -> click update rules, but when I return to check the rules it is just a blank page. Please help, thanks.
-
Hi, how did you manage or download the snort rules? I go to updates -> click update rules, but when I return to check the rules it is just a blank page. Please help, thanks.
I think you may need an oink code from snort.org. It is my understanding that a free subscription to delayed release sigs is available for only personal use. Zero-day might cost you.
-
How do you enable those rules? I was not seeing the categories tab. Can someone help?
-
How dumb of me! I've just found the categories tab and after enabling the needed categories everything started working. My apologies for posting such a dumb problem.
How do you enable those rules and find the categories tab? Shed some light, TIA.