Netgate Discussion Forum

    Snorby Integration

      Heli0s

      Is there a way to integrate Snorby with pfSense so that all Snort alerts can be viewed from Snorby? I searched the forums and online but couldn't find anything.

        Tawonga

        Barnyard2 is the glue between Snort and Snorby. It works great. A search of the forum will give a wealth of information on how to set up Barnyard. Give it a try.

          bmeeks

          @Tawonga:

          Barnyard2 is the glue between Snort and Snorby. It works great. A search of the forum will give a wealth of information on how to set up Barnyard. Give it a try.

          Configure Snorby on another box.  I used an Ubuntu Server virtual machine.  On pfSense, within the Snort package, enable Barnyard2 and provide the necessary hostname and database credentials for your Snorby machine.  Save the new configuration in Snort and then restart Snort.  That's it, and it works great.

          Bill

            MarkVLK

            Would it be possible to just install Snorby on the pfSense box and have Snort + Snorby both running on it?

              bmeeks

              @MarkVLK:

              Would it be possible to just install Snorby on the pfSense box and have Snort + Snorby both running on it?

              Probably not without adding a lot of dependent libraries.  I do not recommend doing this on your firewall.  It adds way too many attack vectors with all the extra stuff like shared libraries.  You can also run out of CPU horsepower pretty quickly with a MySQL server, Snort (or Suricata), Snorby and then basic firewalling as well.  Much better to do this on a different server.  You can use a physical machine or a virtual one.

              Bill

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.