Netgate Discussion Forum

    Snort syslog

    General pfSense Questions
    token

      Hello all, I have 3 Snort interfaces, WAN, LAN and DMZ, all with barnyard2 running and my Splunk indexer IP inputted. The WAN and LAN logs have been coming in, but not the DMZ's. I have since triple-checked the settings, Splunk IP, drop-down settings, etc. to mirror the working setups of WAN and LAN. Even though I did not see action=blocked logs (in case a firewall rule itself was somehow the culprit), I still made a firewall rule to let DMZ talk to LAN (where the Splunk server is) just in case; still no input. I'm not strong on pfSense or networking in general, so I'm sure I'm derping something up, such as a gateway setting or some kind of routing, but with the allow-all rule for DMZ to LAN, a machine on my DMZ is able to ping LAN hosts. Regardless, I imagine the Splunk DMZ interface alert logs should not have routing relevance in regards to the DMZ range. Are there some settings snippets I should post up?
