Netgate Discussion Forum

    Installed Snort - how do I know it's working?

      Deadringers

      Morning all,

      I installed Snort and have it set up to run all the rules on the WAN interface…it looks like it's active but how do I know if it's working?

      I have been to the alerts page and the blocked hosts page on the Snort part of the firewall interface but I can't see anything that has been blocked and no alerts?

      Which leads me to believe either:
      1 - It's not working properly and I've done something wrong

      or

      2 - it has detected nothing which needs to trigger a rule.

      I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.

      Thoughts?

        Deadringers

        @Deadringers:

        Morning all,

        I installed Snort and have it set up to run all the rules on the WAN interface…it looks like it's active but how do I know if it's working?

        I have been to the alerts page and the blocked hosts page on the Snort part of the firewall interface but I can't see anything that has been blocked and no alerts?

        Which leads me to believe either:
        1 - It's not working properly and I've done something wrong

        or

        2 - it has detected nothing which needs to trigger a rule.

        I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.

        Thoughts?

        Ahh right I have it up and running properly now! :)

        A reboot of the firewall sorted things out and now I can see the logs being generated.
