Snort Notifications
-
Hey all,
We are looking at deploying an IDS along with our pfSense box. Happy to hear that pfSense integrates well with Snort, however we are hoping to set it up to send an email notification when an intrusion is detected.
From the research that I have done there doesn't seem to be any built-in function to do this and we need to set up a separate syslog server to parse the log files and then send the notification.
This seems a little backward from my point of view, what is the point of a system that detects an intrusion, logs it; but doesn't notify anyone about it? Can someone please tell me that I am wrong and help me find where this needs to get set up?
Thanks all.
-
Just replied to you on Reddit. :)
From the research that I have done there doesn't seem to be any built-in function to do this and we need to set up a separate syslog server to parse the log files and then send the notification.
That's the right way to do it. People use a number of great solutions to do this.
This seems a little backward from my point of view, what is the point of a system that detects an intrusion, logs it; but doesn't notify anyone about it?
All IDS events are logged and displayed on the alerts tab. pfSense is a firewall, not a monitoring solution.
-
Just replied to you on Reddit. :)
That's the right way to do it. People use a number of great solutions to do this.
Thanks Ivor,
It's not likely that I will be able to convince smaller businesses to deploy a new server just to monitor logs, however, if we can, which would be the recommended solution? Alternatively, is there a different IDS that will notify us when there is suspicious activity happening?
-
I'm not sure if you've worked with an IDS before, you really don't want 99.99% of the alerts an IDS detects. Many are false positives. The most important part is to configure your firewall correctly.
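
Added example, not part of the original thread and not pfSense or Snort code: a sketch of the "parse the syslog output, then notify" approach discussed above, which mails only the highest-priority alerts and collapses repeats so the false-positive volume mentioned in the last reply stays out of the inbox. It assumes the alerts arrive in Snort's fast-alert layout inside syslog lines; the function names, addresses, SIDs and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Assumed input: Snort "fast" alert text inside a syslog line:
# [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

# Constructed sample lines (local-range SIDs, documentation IP addresses).
SAMPLE = [
    "Jan  5 10:00:01 fw snort[4242]: [1:1000001:1] EXAMPLE exploit attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:44321 -> 192.0.2.10:443",
    "Jan  5 10:00:02 fw snort[4242]: [1:1000001:1] EXAMPLE exploit attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:44322 -> 192.0.2.10:443",
    "Jan  5 10:00:03 fw snort[4242]: [1:1000002:1] EXAMPLE port scan [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.9:5555 -> 192.0.2.10:22",
    "Jan  5 10:00:04 fw snort[4242]: [1:1000003:1] EXAMPLE ping [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "Jan  5 10:00:05 fw sshd[99]: Accepted publickey for admin",
]

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-alert lines."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def build_digest(lines, max_priority=1, sender="ids@example.invalid",
                 recipient="secops@example.invalid"):
    """Build one e-mail for alerts with priority <= max_priority (1 is highest)."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and alert["prio"] <= max_priority:
            src_ip = alert["src"].rsplit(":", 1)[0]  # drop the port (IPv4)
            counts[(alert["sid"], alert["msg"], src_ip)] += 1
    if not counts:
        return None  # nothing urgent: stay quiet instead of mailing noise
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {sum(counts.values())} alert(s), priority <= {max_priority}"
    msg.set_content("\n".join(
        f"sid {sid} {text} from {src} x{n}" for (sid, text, src), n in counts.most_common()))
    return msg
```

The returned message can be handed to `smtplib.SMTP(...).send_message(msg)`; running it over each batch of new log lines gives one digest per batch rather than one mail per alert.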