Using snort & suricata

fantasypoo

Hi, is it a bad idea to use Snort for VRT and Suricata for ET ? 
Or should I just use one package.

Thx

doktornotor

You can use both but only ONE of them can have blocking enabled. Given the overhead with this (maintenance, system resources) I really think it's better to stick to one.

fantasypoo

hmm both of them have blocking 'enabled'..  unless one of them isn't actually blocking as you say!

![pfsense1.jpg
![pfsense1.jpg_thumb

bmeeks

Both use the same pf table to implement blocking, so if you enable blocking on both packages they will conflict with each other.  As @doktornotor stated, choose one of the packages and use just that one.  No advantage to using both.

Bill

fantasypoo

Thanks!  I removed suricata.

fantasypoo

I found this amusing –

"pfblocker is the gate in the fence, snort is the more paranoid security guard checking papers for the stuff that was allowed through the gate."

I was thinking I would have two security guards using snort and suricata! .. but I guess that isn't really the case.