4. Two or More Snorby Sensors on PFsense

Two or More Snorby Sensors on PFsense

  • A

    I have a pfsense that acts as transparent. This pfsense receives the connections of two main segments of my network. One segment of the internet and another segment of the extranet. In both I have the snort set up doing the IDS / IPS work.

    I did the integration of these logs with SNORBY to have a better visual result when analyzing the logs. In a dedicated ubuntu machine I installed SNORBY and managed to integrate one of the interfaces with it. The problem is when I will configure the second interface. As far as I realize, to show the sensor in snorby I should set up the same snorby mysql database on the Barnyard2 tab of the interface in question. The problem is when I configure the same database settings for the second interface and restart snort on the interface, the barnyard2 configuration of the first interface drops, is unavailable.

    What I think is that it does not work to set up the same bank on both interfaces because it creates conflict. Something like that. But if I set up a second database, one for each interface, snorby will not recognize this second interface as there will be no association with the snorby flock.

    How can I solve this problem?

    My pfsense is:

    2.3.2-RELEASE (amd64)
    built on Tue Jul 19 12:44:43 CDT 2016
    FreeBSD 10.3-RELEASE-p5

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy