PfSense Snort for Dummies?
-
Is there a help section for first-time Snort users? I am using (embedded) 2.0.1-RELEASE (amd64) of PfSense. I installed the Snort package and obtained and inserted the Oink Code but my rules won't update. The Snort code registration says something about going to urls to register/configure but I don't know the correct PfSense filename to insert. The only PfSense "tutorial" I have found on Snort is not really a tutorial (it is just Snort screen snapshots) and shows an out-of-date version of Snort.
-
I am overwhelmed by the amount of replies I have so far received to my original question. :o
-
As far as the lack of snort rule downloads, I think the package version is the issue. See: http://forum.pfsense.org/index.php/topic,47702.0.html
While I am far from an expert, I would recommend trying the emerging threats rules for now. If/when a new snort version package is available, the rules downloads from snort should work again. [Please correct me if I'm wrong here.]
Hope this helps.
-
This is the package I am trying to run:
2.9.1 pkg v. 2.1.1
I have turned on the other update, but it does not seem to download rules either.
-
Snort VRT updates will not currently work until the pfsense snort package is updated from 2.9.0.5, as it is end of life, which means no more new rules. Try using the ET ones only and see how you get on. You may be able to download older rules.
-
Does one have to register to subscribe to the Emerging Threats rules (if so, then how?) or just place a check in the Install Emergingthreats rules box on the Global Settings page?
-
Right, no registration, just check the ET box, select the auto-update frequency interval, and save. You may need to manually update the rules, or stop/start snort to download them initially. After updating, review the categories, enabling those of interest under each interface. I think that's about all you need to do.