Netgate Discussion Forum
    Small snort alerts hack

    pfSense Packages
    3 Posts 2 Posters 1.8k Views
    dicknixon

      I made a small hack to the snort GUI alerts page so I could see the packet that triggered the alert. It kind of munches the page a bit, but I find it useful.
      First you have to enable the "Log to a tcpdump file" checkbox.
      Then backup /usr/local/www/snort/snort_alerts.php
      Then get the new one here:
      http://pastebin.com/xfnXnGDA
      Check it over, of course (sdiff anyone?), to see that what I did was legit.

      You might not want to run it on slow machines with huge alert lists. I rotate my alert logs regularly and it works fine.

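As an added example, not the poster's pastebin patch and not pfSense's own snort_alerts.php, the core of what a hack like this has to do: tie one line of the Snort alert log to the packet record in the tcpdump-format log that the "Log to a tcpdump file" option produces. The code assumes Snort's alert_fast line layout and a classic libpcap file with Ethernet framing and IPv4, and correlates on the 5-tuple plus a timestamp window; the alert line and the capture it runs against are constructed inside the script, not real traffic. Because fast alerts carry no year, the caller supplies one (an assumption of this example, not something Snort records).

```python
"""Match Snort fast-format alerts to the packets that raised them in a
libpcap file (what Snort writes with -b / pfSense's "Log to a tcpdump
file").  Added example; not the forum poster's patch or pfSense code.
Only classic libpcap with Ethernet framing and IPv4 is handled; pcapng,
nanosecond pcaps and IPv6 are deliberately rejected rather than guessed."""
import re
import struct
from datetime import datetime

# alert_fast line layout (assumed from the standard Snort output plugin):
# MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
PROTO_NUM = {"ICMP": 1, "TCP": 6, "UDP": 17}


def parse_alert(line, year):
    """Return a dict describing one alert line, or None if it does not parse.
    Snort omits the year, so the caller supplies it (e.g. the log's rotation
    date).  The naive datetime is taken as local time, which is what Snort prints."""
    m = ALERT_RE.match(line)
    if not m or m["proto"] not in PROTO_NUM:
        return None
    when = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
        "msg": m["msg"], "proto": PROTO_NUM[m["proto"]],
        "src": m["src"], "sport": int(m["sport"]) if m["sport"] else None,
        "dst": m["dst"], "dport": int(m["dport"]) if m["dport"] else None,
        "sec": int(when.replace(microsecond=0).timestamp()),
        "usec": when.microsecond,
    }


def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) for each record of a libpcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic libpcap file (pcapng/nanosecond not handled)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("only Ethernet (LINKTYPE_ETHERNET) captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def five_tuple(frame):
    """(proto, src, sport, dst, dport) of an Ethernet/IPv4 frame, else None.
    Ports are None for anything but TCP/UDP, matching how Snort prints ICMP alerts."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport = dport = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return proto, src, sport, dst, dport


def find_alert_packets(alert, pcap_bytes, window=1.0):
    """Packets whose 5-tuple equals the alert's and whose capture time lies
    within `window` seconds of the alert stamp.  Snort stamps the alert with
    the packet's own time, so the window only absorbs rounding."""
    want = (alert["proto"], alert["src"], alert["sport"], alert["dst"], alert["dport"])
    t_alert = alert["sec"] + alert["usec"] / 1e6
    return [(s, u, f) for s, u, f in read_pcap(pcap_bytes)
            if five_tuple(f) == want and abs(s + u / 1e6 - t_alert) <= window]


# ---- constructed sample data (not real traffic) -------------------------
def build_tcp_frame(src, sport, dst, dport, payload):
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234,
                     0x4000, 64, 6, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload          # checksums left zero; not needed to parse


def build_pcap(records):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_usec, frame in records:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


SAMPLE_ALERT = ("02/27-14:03:11.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check "
                "returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] "
                "{TCP} 10.0.0.5:80 -> 10.0.0.9:51234")


def demo():
    """Build a 3-packet capture; exactly one packet matches both tuple and time."""
    alert = parse_alert(SAMPLE_ALERT, 2012)
    s, u = alert["sec"], alert["usec"]
    pcap = build_pcap([
        (s, u, build_tcp_frame("10.0.0.5", 80, "10.0.0.9", 51235, b"HTTP/1.0 200 OK")),          # other flow
        (s, u, build_tcp_frame("10.0.0.5", 80, "10.0.0.9", 51234, b"uid=0(root) gid=0(root)")),  # the hit
        (s + 5, u, build_tcp_frame("10.0.0.5", 80, "10.0.0.9", 51234, b"later in same flow")),   # outside window
    ])
    return find_alert_packets(alert, pcap)


if __name__ == "__main__":
    for sec, usec, frame in demo():
        print(sec, usec, frame[54:])
```

Run as a script it prints the matched record and its TCP payload; on a real box you would read the alert file and whatever capture Snort wrote in place of the constructed sample. Note that this scans the whole capture once per alert, which is exactly why a page that does this for every row is slow against a large alert list; indexing the capture by 5-tuple once and looking alerts up against that index is the obvious fix if the page grows.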
        eri--

        You can code it to be optional on the type of alert chosen in snort.
        You can code it to use alerts in tcpdump format or the normal one and then make your code optional.

        And also submit it through redmine.pfsense.org as a Feature.

          dicknixon

          Made it more useful and submitted it
          http://redmine.pfsense.org/issues/2008

          tcpdump format was problematic and doesn't add much, but not having to run snort to interpret the dump would be nice. Can't get snort to dump only alert packets in binary (tcpdump) format. It wants to dump the whole world or not at all.

          Not sure how to make optional on alert type beyond hard coding a list or adding a checkbox to every rule or category.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.