3. Small snort alerts hack

Small snort alerts hack

  • D

    I made a small hack to snort gui alerts so I could see the packet that triggered the alert. It kind of munches the page a bit but I find it useful.
    First you have to enable "Log to a tcpdump file" checkbox.
    Then backup /usr/local/www/snort/snort_alerts.php
    Then get the new one here:
    http://pastebin.com/xfnXnGDA
    Check it over of course (sdiff anyone?) to see what I did was legit.

    You might not want to run it on slow machines with huge alert lists. I rotate my alert logs regularly and it works fine.

    0
  • E

    You can code it to be optional on the type of alert chosen in snort.
    You can code to use alerts in tcpdump format or normal one and then make your code optional.

    And also submit through redmine.pfsense.org as Feature.

    0
  • D

    Made it more useful and submitted it
    http://redmine.pfsense.org/issues/2008

    tcpdump format was problematic and doesnt add much but not having to run snort to interpret the dump would be nice. Cant get snort to dump only alert packets in binary (tcpdump) format. It wants to dump the whole world or not at all.

    Not sure how to make optional on alert type beyond hard coding a list or adding a checkbox to every rule or category.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy