@bmeeks

Kk Sounds good,

Thanks my friend will check it out, and I will ask my isp about that because I am seeing a whole range of ips in the same scope as my public wan ip as well as ips that look to be going to different ip addresses not related to me at all and are on the same subnet as my public wan.

Thanks again.

This forum is for users of Snort on pfSense only. There is no support for Windows versions of Snort available here.

Found an answer, took me long enough given it was right in front of me the whole time...

On Line 60 in the YAML, you can disable Stats - that probably cuts down 80% of the garbage data in EVE.

You can further disable logging (in EVE) under metadata for DNS, TLS, TCP, HTTP, etc. -- YMMV, but I feel keeping that stuff is fine since you can filter it out using something like Kibana or Splunk readily.

@hannes-hutmacher I think will be better if you save your config to xml file and then make fresh install including xml import option.
Please see https://docs.netgate.com/pfsense/en/latest/backup/index.html