    Netgate Discussion Forum
    Snort logs

    pfSense Packages
      sam_son last edited by

      I wondered if there was a way to display the snort logs from the command line.

      I have the pfSense on a KVM so I can view the screen locally rather than SSH. From looking at the Snort package advanced tab it says about tcpdump logs. Could I view something similar to pftop from the main user menu? It would be very nice to see blocked IPs from Snort and what IPs are popping up.

      Sorry but I don't have a clue how to follow / tail the dump file and where it is stored.

      If someone could shed some light on this that would be great. Since I have upgraded to the latest version it has opened up a whole world of goodies for monitoring and protecting the system.

      Regards

      Sam

        jamesdean last edited by

        In the terminal.

        ee /var/log/snort/alert

        or

        tail -F /var/log/snort/alert

          sam_son last edited by

          Thanks jamesdean

          And to exit it's Ctrl+C for those like me that didn't know :)

          I don't suppose there is a way of tailing the blocked IP list is there? It would also be good from time to time to view the offenders in a nice format such as the blocked list.

          Regards

          Sam

            jamesdean last edited by

            To show all blocked IPs in the terminal.

            pfctl -t snort2c -Ts

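An added example, not part of the original thread: a small sh function that tallies alerts per source IP from the alert file mentioned above, to show which IPs are popping up. It assumes Snort's one-line "fast" alert format (the thread does not say which format the package writes); the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise Snort alert lines by source IP.
# Assumption: one alert per line, ending in "{PROTO} src[:port] -> dst[:port]".

# Print "count source_ip" for each source, busiest first.
# Reads the files given as arguments, or stdin when there are none.
snort_top_sources() {
    awk '
        {
            # Find the "->" field; the source endpoint is the field before it.
            for (i = 2; i <= NF; i++) {
                if ($i == "->") {
                    src = $(i - 1)
                    # Strip a trailing :port from IPv4 endpoints only
                    # (ICMP alerts carry no port; IPv6 is left untouched).
                    if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/)
                        sub(/:[0-9]+$/, "", src)
                    count[src]++
                    break
                }
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample alerts (documentation address ranges, made-up rule ids).
sample_alerts() {
    cat <<'EOF'
01/02-10:00:01.000001  [**] [1:1000001:1] Constructed scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51234 -> 192.0.2.10:22
01/02-10:00:02.000001  [**] [1:1000001:1] Constructed scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51235 -> 192.0.2.10:23
01/02-10:00:03.000001  [**] [1:1000002:1] Constructed ping rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
01/02-10:00:04.000001  [**] [1:1000003:1] Constructed DNS rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 198.51.100.9:5353 -> 192.0.2.10:53
01/02-10:00:05.000001  [**] [1:1000001:1] Constructed scan rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51236 -> 192.0.2.10:25
01/02-10:00:06.000001  [**] [1:1000003:1] Constructed DNS rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 198.51.100.9:5354 -> 192.0.2.10:53
EOF
}

# With a file argument, summarise that file; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    snort_top_sources "$@"
else
    sample_alerts | snort_top_sources
fi
```

On the firewall it would be run against the alert file named in the thread, /var/log/snort/alert, and the result can be compared by eye with the output of pfctl -t snort2c -Ts.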