Snorby Integration



  • Is there a way to integrate Snorby with pfSense so that all Snort alerts can be viewed from Snorby? I searched the forums and online but couldn't find anything.



  • Barnyard2 is the glue between Snort and Snorby. It works great. A search of the forum will give a wealth of information on how to set up Barnyard. Give it a try.



  • @Tawonga:

    Barnyard2 is the glue between Snort and Snorby. It works great. A search of the forum will give a wealth of information on how to set up Barnyard. Give it a try.

    Configure Snorby on another box. I used an Ubuntu Server virtual machine. On pfSense, within the Snort package, enable Barnyard2 and provide the necessary hostname and database credentials for your Snorby machine. Save the new configuration in Snort and then restart Snort. That's it, and it works great.

    Bill



  • Would it be possible to just install Snorby on the pfSense box and have Snort + Snorby both running on it?



  • @MarkVLK:

    Would it be possible to just install Snorby on the pfSense box and have Snort + Snorby both running on it?

    Probably not without adding a lot of dependent libraries. I do not recommend doing this on your firewall. It adds way too many attack vectors with all the extra stuff like shared libraries. You can also run out of CPU horsepower pretty quickly with a MySQL server, Snort (or Suricata), Snorby and then basic firewalling as well. Much better to do this on a different server. You can use a physical machine or a virtual one.

    Bill