Netgate Discussion Forum

    Two or More Snorby Sensors on PFsense

      androse

      I have a pfSense that acts as transparent. This pfSense receives the connections of two main segments of my network: one segment for the internet and another segment for the extranet. On both I have Snort set up doing the IDS/IPS work.

      I integrated these logs with Snorby to have a better visual result when analyzing the logs. On a dedicated Ubuntu machine I installed Snorby and managed to integrate one of the interfaces with it. The problem comes when I configure the second interface. As far as I understand, to show the sensor in Snorby I should set up the same Snorby MySQL database on the Barnyard2 tab of the interface in question. The problem is that when I configure the same database settings for the second interface and restart Snort on the interface, the Barnyard2 configuration of the first interface drops and becomes unavailable.

      What I think is that setting up the same database on both interfaces does not work because it creates a conflict. Something like that. But if I set up a second database, one for each interface, Snorby will not recognize this second interface, as there will be no association with the snorby flock.

      How can I solve this problem?

      My pfSense is:

      2.3.2-RELEASE (amd64)
      built on Tue Jul 19 12:44:43 CDT 2016
      FreeBSD 10.3-RELEASE-p5

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.