3. Snort not working?

Snort not working?

  • B

    I have snort installed and with almost all of the rules turned on except for chat and p2p.  It shows as running in the gui, and I see the process in top.  But I'm not getting any alerts or blocks.  I find this hard to believe, as when I was previously running snort, I was getting at least a couple hits a day.

    Is there something in the setup I need to change or check?  How can I tell it's working correctly?

    0
  • L

    What interface is it running on?

    0
  • B

    @LostInIgnorance:

    What interface is it running on?

    WAN

    0
  • L

    Can you give a bit of info about your network setup? (asci/paint diagram would be nice)

    0
  • B

    Not to be difficult, but what does that have to do with snort picking up things from the internet?

    0
  • L

    If you have something before the pfsense, sometimes the modems associated with dsl/cable have firewalls naturally enabled on them.

    0
  • B

    @LostInIgnorance:

    If you have something before the pfsense, sometimes the modems associated with dsl/cable have firewalls naturally enabled on them.

    Just the same Moto 6120 I've been running previously.

    0
  • M

    I have the same issue… I may just build the damn thing by hand... it seems that it doesn't pick up EXTERNAL and INTERNAL net...

    0
  • J

    @mantic:

    I have the same issue… I may just build the damn thing by hand... it seems that it doesn't pick up EXTERNAL and INTERNAL net...

    @mantic

    Do us a favor.

    Post you system spec, network map and any setting that might affect snort.

    Rob

    0
  • B

    So, I went to GRC and did a port scan on my ip.  Still nothing from Snort.  I'm beginning to wonder if it's even running.

    What can I look at in order to tell if things are working correctly?

    0
  • _

    when snort starts up, it fills the whole systemlog with messages. The last ones should be like this:

    snort[62829]: Snort initialization completed successfully (pid=62829)
Mar 25 00:02:18	snort[62829]: Snort initialization completed successfully (pid=62829)
Mar 25 00:02:18	snort[62829]: --== Initialization Complete ==--
Mar 25 00:02:18	snort[62829]: --== Initialization Complete ==--
    0
  • B

    Yeah, it turned out I had to turn on the preprocessors.

    BTW, it lists an option for collecting performance statistics, but I couldn't find where they're collected.  Any ideas?

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy