Snort alerts not forwarding to Splunk...
Started playing with Splunk, mostly as a learning exercise. Snort alerts aren't being received by Splunk, but a lot of other garbage is.
In pfSense, Status/System Logs/Settings, I left Source Address as Default (any), protocol as IPv4, entered the IP of the Splunk server (without a port), and checked Everything under Remote Syslog Content.
In Services/Snort/LAN-Interface Settings, I checked Send Alerts to System Log, left the System Log Facility at LOG_AUTH, and set the log priority to debug.
What am I failing to do?
Separately, is there a way to forward the pfBlockerNG logs to a remote server?
Thank you for any/all guidance!
Rog
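One way to narrow this down is to look at what actually arrives on the Splunk host before Splunk parses it. The script below is an added example, not part of Rog's post and not pfSense, Snort or Splunk code. It assumes pfSense sends to the default syslog port UDP 514 when no port is given, and it decodes the RFC 3164 `<PRI>` prefix (PRI = facility * 8 + severity, so LOG_AUTH is facility 4) to count messages per facility/severity and flag lines whose tag contains `snort[`. The sample lines are constructed; the `listen()` helper needs to run as a user allowed to bind port 514.

```python
import re
import socket
from collections import Counter

# RFC 3164 facility and severity codes (index = numeric code).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(line):
    """Return (facility, severity, rest_of_message) or None if no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal PRI
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], m.group(2)


def summarize(lines):
    """Count messages as '<facility>.<severity>/<snort|other>'; unparsed lines counted separately."""
    counts = Counter()
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            counts["unparsed"] += 1
            continue
        facility, severity, msg = decoded
        tag = "snort" if "snort[" in msg else "other"
        counts[f"{facility}.{severity}/{tag}"] += 1
    return counts


def listen(port=514, max_messages=50):
    """Receive up to max_messages UDP syslog datagrams and summarize them (hypothetical helper)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    received = []
    while len(received) < max_messages:
        data, _addr = sock.recvfrom(8192)
        received.append(data.decode("utf-8", errors="replace"))
    return summarize(received)


# Constructed sample lines standing in for what a capture on the Splunk host might show.
SAMPLE_LINES = [
    "<39>Jan 10 12:00:00 pfsense snort[12345]: constructed sample alert",   # auth.debug
    "<36>Jan 10 12:00:01 pfsense sshd[222]: constructed sample auth line",  # auth.warning
    "<134>Jan 10 12:00:02 pfsense filterlog[333]: constructed sample line", # local0.info
    "no PRI header at all",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{key}: {n}")
```

If `auth.*/snort` counts stay at zero while other facilities show up, the messages are not leaving pfSense on that path; if they do appear here, the problem is on the Splunk input or sourcetype side.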