
    Snort 2.9.2.3 pkg 2.5.1 not generating any alerts or blocking

      RoFz last edited by

      Hi, we've got snort package installed and configured but it is not generating any alerts or doing any blocking. I've found some documentation on pfsense and snort (http://doc.pfsense.org/index.php/Setup_Snort_Package) and they all mention a 'Categories' tab which is used to enable/disable the detection rules. Funny thing is that this 'Categories' tab is not showing on my web interface (maybe a versioning problem with the documentation?). Anyway, snort does not seem to be working for us and we would appreciate any help.

      Info:
      pfSense 2.0.1 (i386) running over a Netgate's ALIX 2D3/2D13 board
      Snort 2.9.2.3 (package version 2.5.1)

      Snort service is started and both WAN interfaces are enabled.

      [2.0.1-RELEASE][root@fw.conceptnet.local]/root(36): ps -ax | grep -i snort
      15479  ??  Ss    0:00.01 /usr/local/bin/snort -R 46948 -D -q -l /var/log/snort/snort_vr146948 --pid-path /var/run --nolock-pidfile -G 46948 -c /usr/local/etc/snort/snort_46948
      17197  ??  Ss    0:00.11 /usr/local/bin/snort -R 34019 -D -q -l /var/log/snort/snort_vr234019 --pid-path /var/run --nolock-pidfile -G 34019 -c /usr/local/etc/snort/snort_34019
      16998  0  S+    0:00.01 grep -i snort
      [2.0.1-RELEASE][root@fw.conceptnet.local]/root(37):

        RoFz last edited by

        How dumb of me! I've just found the categories tab and after enabling the needed categories everything started working. My apologies for posting such a dumb problem.

          renzai last edited by

          Hi, how did you manage or download the snort rules? I go to Updates -> click Update Rules, but when I return to check the rules it is just a blank page. Please help, thanks.

            bobn last edited by

            @renzai:

            Hi, how did you manage or download the snort rules? I go to Updates -> click Update Rules, but when I return to check the rules it is just a blank page. Please help, thanks.

            I think you may need an oink code from snort.org.  It is my understanding that a free subscription to delayed release sigs is available for only personal use.  Zero-day might cost you.

              m4st3rc1p0 last edited by

              How do you enable those rules? I was not seeing the Categories tab. Can someone help?

                m4st3rc1p0 last edited by

                @RoFz:

                How dumb of me! I've just found the categories tab and after enabling the needed categories everything started working. My apologies for posting such a dumb problem.

                How do you enable those rules and find the Categories tab? Shed some light, TIA.

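The cause found in this thread was a running Snort process with no rule categories enabled. As an added example (not part of the thread and not the pfSense package's own code), this shell function counts the rule files and uncommented rules a Snort 2.x configuration would load. It assumes stock snort.conf syntax (`var RULE_PATH`, `include $RULE_PATH/<name>.rules`); `make_sample` and the rules it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): count the rules a Snort 2.x config loads.
# Assumes stock snort.conf syntax: "var RULE_PATH <dir>" and
# "include $RULE_PATH/<name>.rules"; a leading "#" disables a line.

count_active_rules() {   # prints "<rule files> <active rules>"
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    conf_dir=$(dirname "$conf")
    # The last "var RULE_PATH" definition wins; fall back to "rules".
    rule_path=$(awk '$1 == "var" && $2 == "RULE_PATH" { p = $3 } END { print p }' "$conf")
    [ -n "$rule_path" ] || rule_path=rules
    files=0 rules=0
    for inc in $(awk '$1 == "include" && $2 ~ /\.rules$/ { print $2 }' "$conf"); do
        case $inc in
            '$RULE_PATH'/*) path=$rule_path/${inc#*/} ;;
            *)              path=$inc ;;
        esac
        # Relative paths are resolved against the config file's directory.
        case $path in /*) ;; *) path=$conf_dir/$path ;; esac
        if [ -r "$path" ]; then
            files=$((files + 1))
            # A rule is active when its line starts with a rule action.
            n=$(grep -cE '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$path" || true)
            rules=$((rules + n))
        else
            echo "included but missing: $path" >&2
        fi
    done
    echo "$files $rules"
}

make_sample() {          # constructed sample: $1 = target dir, $2 = on|off
    mkdir -p "$1/rules"
    [ "$2" = on ] && mark='' || mark='# '
    {
        echo 'var RULE_PATH rules'
        echo "${mark}include \$RULE_PATH/scan.rules"
        echo '# include $RULE_PATH/web.rules'
    } > "$1/snort.conf"
    {
        echo 'alert tcp any any -> any 23 (msg:"constructed telnet rule"; sid:1000001; rev:1;)'
        echo '# alert tcp any any -> any 21 (msg:"constructed, disabled"; sid:1000002; rev:1;)'
    } > "$1/rules/scan.rules"
}

# Usage: sh check_rules.sh /path/to/snort.conf
[ $# -eq 0 ] || count_active_rules "$1"
```

An output of `0 0` while the Snort process is running matches the symptom described in the first post.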