Installed Snort - how do I know it's working?
-
Morning all,
I installed Snort and have it setup to run all the rules on the WAN interface…it looks like it's active but how do I know if it's working?
I have been to the alerts page and the blocked hosts page on the snort part of the firewall interface but I can't see anything that has been blocked and no alerts?
Which leads me to believe either:
1 - It's not working properly and I've done something wrongor
2 - it has detected nothing which needs to trigger a rule.
I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.
Thoughts?
-
Morning all,
I installed Snort and have it setup to run all the rules on the WAN interface…it looks like it's active but how do I know if it's working?
I have been to the alerts page and the blocked hosts page on the snort part of the firewall interface but I can't see anything that has been blocked and no alerts?
Which leads me to believe either:
1 - It's not working properly and I've done something wrongor
2 - it has detected nothing which needs to trigger a rule.
I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.
Thoughts?
Ahh right I have it up and running properly now! :)
a reboot of the firewall sorted things out and now I can see the logs being generated.