Snort Alerts



  • I have just put a pfSense firewall in at home and have set up Snort rules. Everything appears to be running correctly; however, I cannot get Snort to report alerts to the alert tab. I have reinstalled Snort a couple of times and had no success. Is someone able to point me in the right direction to try and troubleshoot this?

    Thanks

    Jail



  • @jailbreaker:

    Are you a new Snort user?  If so, when you say "have setup snort rules", can you provide some more details?  Did you go to the CATEGORIES tab and select either an IPS Policy or some rule categories?  Did you go to the RULES tab and verify that the categories you selected actually contain one or more enabled rules?  I ask because some of the Snort VRT category files are actually empty these days, as the VRT has shuffled their rules around into some new file names, but they left the old filenames there, just empty, to prevent errors on startup for legacy users.

    If you are a novice user of Snort, here is a thread on how to get it jump-started:  https://forum.pfsense.org/index.php?topic=61018.0

    If you have done all the above already, or are an experienced Snort user, then ignore what I posted above and tell me what interfaces you run Snort on and whether or not you have tried nmap and some targeted scans at interfaces protected by Snort.

    Bill