Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Installation of Bro IDS on Pfsense

    Scheduled Pinned Locked Moved IDS/IPS
    7 Posts 4 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shadonet01
      last edited by

      Re: installation of BRO IDS

      This package pfSense-pkg-bro allows installing bro on the pfSense and managing bro settings from the pfsense UI

      1 Reply Last reply Reply Quote 2
      • NollipfSenseN
        NollipfSense
        last edited by

        Cool...are you working with pfSense to have it apart of the package repository? Will you be the maintainer?

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        1 Reply Last reply Reply Quote 0
        • S
          shadonet01
          last edited by

          I'm the maintainer and I'm planning to submit the pull request into the pfsense/FreeBSD-ports repository

          1 Reply Last reply Reply Quote 0
          • occamsrazorO
            occamsrazor
            last edited by

            Always great to have different options, thank you! As a home user currently and reasonably successfully using Suricata, but always a little confused by its setup... how does Bro compare in terms of ease of setup and use?

            pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
            Ubiquiti Unifi wired and wireless network, APC UPSs
            Mac OSX and IOS devices, QNAP NAS

            S 1 Reply Last reply Reply Quote 0
            • S
              shadonet01 @occamsrazor
              last edited by

              @occamsrazor Zeek (formerly Bro) needs a good amount of effort to deploy along with solid programming and scripting skills to handle it proficiently.

              occamsrazorO 1 Reply Last reply Reply Quote 0
              • occamsrazorO
                occamsrazor @shadonet01
                last edited by

                @shadonet01 Thanks, not for me then. But well done on the good work.

                pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                Ubiquiti Unifi wired and wireless network, APC UPSs
                Mac OSX and IOS devices, QNAP NAS

                1 Reply Last reply Reply Quote 0
                • D
                  dc401
                  last edited by

                  Hi sorry for the late response. I figured, searching was best-- if I put a bounty, would you consider writing and maintaining as part of your package icap support with configuration options in the GUI? The goal would be able to add/write custom bro scripts that can be executed from the pipeline of traffic tunneled to Bro from the Squid package(s). https://www.zeek.org/brocon2016/slides/fernandez_icap.pdf

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.