Snort configuration problems

heiko · Mar 30, 2007, 1:18 PM

hello,

i have installed the snort package, the service looks fine, i configured it and set snort to hear on the LAN and WAN-Interface. I test it with Nessus, but nothing happens…. From the console menue i started snort manually and snort logs a "compilation failure".

A configuration failure? i am running the newest releng_snapshot.
Greetings
heiko

Brian_Andle · Mar 30, 2007, 2:36 PM

Correct me if I'm wrong but Snort should only be attached to lan, you want to block bad stuff coming in not your internal computers going out.

Also if you are not using carp, uncheck the last option.

heiko · Mar 30, 2007, 2:39 PM

Ups, the description says "Select all WAN type interfaces". I´m confused but i will test it.

Brian_Andle · Mar 30, 2007, 2:45 PM

WAN is the network card that connects to the internet. LAN is the card the connects to the internal network. Snort detects and if enabled blocks computers from the internet (wan) attempting to connect to your computers (lan).

yoda715 · Mar 30, 2007, 7:16 PM

For the moment, snort can only be applied to one WAN interface.

heiko · Mar 30, 2007, 7:47 PM

yes, OK, i have tested it , for the initial start of snort after a complete reset to pfsense all works fine and the log is full. If i changed anything, for example "wan to lan" and back, the snort package is a little bit confused.

The Service is started, but nothing happens, no logs… If i went "nessus" against the wan interface, nothing happens again.

I don´t know, i think the package is not really clean, but maybe my test was incorrect...