Installed Snort - how do I know it's working?



  • Morning all,

    I installed Snort and have it set up to run all the rules on the WAN interface… it looks like it's active, but how do I know if it's working?

    I have been to the alerts page and the blocked hosts page on the Snort part of the firewall interface but I can't see anything that has been blocked and no alerts?

    Which leads me to believe either:
    1 - It's not working properly and I've done something wrong

    or

    2 - it has detected nothing which needs to trigger a rule.

    I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.

    Thoughts?



  • @Deadringers:

    Morning all,

    I installed Snort and have it set up to run all the rules on the WAN interface… it looks like it's active, but how do I know if it's working?

    I have been to the alerts page and the blocked hosts page on the Snort part of the firewall interface but I can't see anything that has been blocked and no alerts?

    Which leads me to believe either:
    1 - It's not working properly and I've done something wrong

    or

    2 - it has detected nothing which needs to trigger a rule.

    I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.

    Thoughts?

    Ahh right I have it up and running properly now! :)

    A reboot of the firewall sorted things out and now I can see the logs being generated.

