Snort Best Practice
-
Hi,
I am newbie with snort and I would appreciate if some one guide me through on installing snort on my pfsense box running 1.2.3, I know how to install snort as I tried installing it before under package menu, and I am not sure if the configuration is correct so I remove it. It runs when I install it because under services it says running, but I am not sure if it is working or not, Is it really preventing anomaly attacks from accessing my network or the snort just logs the packets and tells you that there are attack attemp? Another thing is I don't know how to act with the snort alert logs as it is not giving me that it was successfully prevented or blocked by snort, do I have to do anything if I saw a malicious attemp or this just a logs that tells me that there are attemps but is was not successful and it was prevented by snort.
Any help is much greatly appreciated.
Thanks.
-
Snort isn't updating at the moment - keep an eye on this thread:
http://forum.pfsense.org/index.php/topic,26382.0.html