Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with SNORT

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Highroller
      last edited by

      Hello,

      I am new to snort and am not sure how to properly configure it. I am running PfSence 2.0 RC3 i386 with the latest updates. Can someone give me some screen shots and help with a good solid configuration for my WAN? I have read through the documentation on the Snort and PFsence site, but most if not all of it is for a command line config and not the Pfsence gui. Please help!

      Thanks.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        First of all, you need to create an oincmaster code at snort site and then paste it at pfsense gui to be able to download snort rules.

        Second step is to update snort rules at gui.

        third step is to tell snort about your network, setting up who is your dns server web server, etc etc.

        fourth step is 'assign' a interface to snort listen on and choose a set of rules you will apply on it.

        Note that you must know a lot of tcp/ip and Networking to understand what snort does and how to setup it correctly.

        att,
        Marcello Coutinho

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • C
          catfish
          last edited by

          Hi, I'm also new to snort…

          I'm just wondering if there is any easier way to search for a rule.
          I have a lot of them and when I want to review one upon an alert,
          I have to do find the matching one by hand.. The same with suppression....

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.