Get Snort Alerts out of pfSense for email alerting?



  • Hello Everyone,

    For those of you who have managed to get your Snort alerts out of pfSense and onto another machine for parsing or email alert generation, what solution have you found to be effective and reliable?

    I'm especially interested in email alert generation.

    Thanks!



  • Yikes, no one?

    Should I break Snort out onto its own box for enhanced functionality or is there another recommended IDS?



  • "Enhanced functionality"? At the moment it would be great if it would work at all…



  • @judex:

    "Enhanced functionality"? At the moment it would be great if it would work at all…

    I don't have a problem with Snort generating alerts. That part works fine for me. (Sorry, my two Snort installations work fine.)

    I'd just like to know if anyone has a scheme for getting those alerts out of pfSense and generating emails based upon them.



  • Why don't you send the Snort alerts to some external syslog server and get email alerting?

    :)
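
The syslog route suggested above, as an added example that is not part of the original thread: a script on the external syslog host parses forwarded Snort alert lines and builds one digest email for alerts at or above a chosen priority. The line layout, the sample lines, the rule names and the addresses are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed layout of a Snort alert line as received over syslog:
# "... snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src -> dst"
ALERT_RE = re.compile(
    r"snort\[\d+\]:\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Constructed sample lines (documentation IP ranges, made-up local SIDs).
SAMPLE = [
    "Jan 10 12:00:01 pfsense snort[4242]: [1:1000001:1] Constructed sample rule A "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 203.0.113.7:44321 -> 192.0.2.10:22",
    "Jan 10 12:00:05 pfsense snort[4242]: [1:1000002:3] Constructed sample rule B "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "Jan 10 12:00:09 pfsense filterlog: not a snort line",
]

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-Snort lines."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])  # in Snort, 1 is the most severe
    return alert

def build_email(lines, sender, recipient, max_priority=2):
    """Build one digest message for alerts with priority <= max_priority."""
    alerts = [a for a in map(parse_alert, lines) if a and a["prio"] <= max_priority]
    if not alerts:
        return None  # nothing worth mailing
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Headers carry only counts; log-derived text stays in the body.
    top = min(a["prio"] for a in alerts)
    msg["Subject"] = f"Snort: {len(alerts)} alert(s), top priority {top}"
    msg.set_content("\n".join(
        f"prio={a['prio']} sid={a['gid']}:{a['sid']}:{a['rev']} {a['proto']} "
        f"{a['src']} -> {a['dst']}  {a['msg']}"
        for a in sorted(alerts, key=lambda a: a["prio"])
    ))
    return msg
```

The returned message can be handed to `smtplib.SMTP(...).send_message(msg)` against your own mail relay; running the script on a timer over the lines received since the last run keeps it to one email per interval instead of one per alert.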



  • Use unified2 and barnyard in the Snort package to write it off to an external database and use Snorby (snorby.org) to email you reports.



  • @kevross33:

    Use unified2 and barnyard in the Snort package to write it off to an external database and use Snorby (snorby.org) to email you reports.

    I tried this, but I could never get anything to populate in Snorby. I'll research it again.

    You wouldn't happen to know of a good how-to on the web, would you?

