Is it possible to install Aanval 9 on pfsense machine?
-
Is it possible to install Aanval 9 on pfsense machine to see the snort Syslog data/ report?
-
No, that package is not listed in the FreeBSD ports tree. You would have to compile your own on a FreeBSD development platform using the source code and then copy a pkg *.tgz file over to the firewall and manually install it using
pkg. That's a pretty tall order.You certainly don't want to install the necessary development libraries and other tools onto your firewall that would be required to compile the Aanval 9 source code directly on your firewall. It is likely to break something, and even if it did not, it creates a large potential attack surface.
The proper way to accomplish what you want would be to install Aanval 9 on a separate server (virtual machine host would be fine) and then configure the remote syslog daemon in pfSense to ship the firewall logs off to the Aanval host. You can have pfSense forward its logs to any network syslog receiver.
-
Forgot to mention in my other post that you can also configure Barnyard2 in Snort and then use it to send Snort data out to a syslog receiver. So in that manner Barnyard2 could send your alert data from Snort to Aanval.
