4. Snort syslog

Snort syslog

  • T

    Hello all, I have 3 snort interfaces, WAN, LAN and DMZ, all with barnyard2 running and my Splunk indexer IP inputted.  The WAN and LAN logs have been coming in, but not the DMZs- I have since triple checked the settings, Splunk IP, drop down settings etc to mirror the working setups of WAN and LAN.  Even though I did not see action=blocked logs (in case a firewall rule itself was somehow the culprit) I still made a firewall rule to let DMZ talk to LAN (where the splunk server is) just in case- still no input.  I'm not strong on pfsense or networking in general so I'm sure I'm derping something up, such as a gateway setting or some kind of routing- but with the allow all rule for DMZ to LAN, a machine on my DMZ is able to ping LAN hosts.  Regardless I imagine the Splunk DMZ interface alert logs should not have routing relevance in regards to the DMZ range.  Are there some settings snippets I should post up?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy