Firewall logs AND/OR Snort Alerts clarification please

  • Quick question(s):

    If I have logging in Snort set to add to the Firewall log, will the widgets work? I.e., I'm running the widget on the dashboard for Firewall logs as well as one for Snort Alerts, and while I see benign blocked entries (which I believe are not Snort related but simply standard firewall stuff) in the Firewall logs, I DON'T see any alerts for Snort in Snort Alerts, ever.

    Everything shows as running in Services Status widget.

    Will Snort Alerts show up in the Firewall logs and/or will they ALSO show in the Snort Alerts/log dashboard widget when the check mark is set in Snort to Send Alerts to System Log? In other words, will it show in both or just one?

    I don't know what to expect for Snort BUT I do have paid oinkmaster code and have Snort VRT Rules, Snort GPLv2 Community Rules, Emerging Threats Open Rules & Snort OpenAppID Detectors current/active. How do I know if Snort is working?

    BTW: 2.3.2-RELEASE-p1 (amd64)

    Thank you in advance for any clarity and experience shared.

  • Hey,

    I notice no one has answered you yet. I am also new to pfSense, but I understand it pretty well so far, and to check if it's actually working you can look under services\snort\interface. It should have the Snort status green check mark with a refresh button and a stop button. If not, then it has not been started or is not running, basically. I do not have firewall checked since there is no need, as Snort is enough on the dashboard, and if you want more from the firewall logs you can go to service\system logs\firewall. I am also a subscriber to Snort Talos/VRT, but I do not have either Snort GPLv2 (no need to check this since you're a paid subscriber)\EMT\OpenAppID checked, since it's just paranoid if you do lol. The only thing I assume is that you're not seeing much blocking because you have it on the connectivity policy. If you want to make sure, change it to balance and restart the Snort services. Hope that helps.

