Netgate Discussion Forum

    View Snort alerts outside of pfSense

      siil-it

      We have a pair of Netgate devices running Snort, and all the traffic from our main site runs through these devices. We monitor the Snort alerts through the pfSense interfaces on the two devices.

      Shortly we will be deploying a significant number of other Netgate devices on our remote sites and we need to monitor the Snort alerts on those. We can't monitor 20+ Snort windows and are looking for advice on the best way to feed the Snort alerts into a SIEM system. I've looked at the remote logging options within the interface but am unsure as to what to enable to get the Snort logs into the external system.

        NogBadTheBad

        Services -> Snort -> Barnyard2 -> Settings -> INTERFACE

        Pop the IP address or FQDN of your SIEM system in the yellow box.

        0_1533461641899_Untitled.jpeg

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          siil-it

          Thank you Nog, that's done the trick.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.