Snort Categories



  • Still pretty new to pfSense and Snort so this may be an easy question.

    I've got the Snort package installed and when I enable all the categories for an interface, Snort won't start.
    If I only enable about 5 it starts fine.

    Anyone else run into this?

    Thanks.



  • I found some information in the System log that indicated there were problems compiling some of the categories I had chosen.
    After disabling about 15 categories I was able to start the process.
    A few of the log entries reference http and SSL.



  • How do you enable categories ? I have the rules already but theres no category tab in my web interface for snort



  • I found that after creating a snort interface you would have to go in and enable preprocessor settings



  • I enable the interface but still none, can someone point me to the right direction. TIA




  • Click on the "e" box next to Traffic Analysis. You will see a categories tab.



  • As logger mentioned just click the Edit button next to the interface you want to configure.
    Kind of makes sense since you might want different categories and rules for different interfaces.

    Logger, thanks for the suggestion about preprocessors.


Log in to reply