Using snort & suricata
-
Hi, is it a bad idea to use Snort for VRT and Suricata for ET ?
Or should I just use one package.Thx
-
You can use both but only ONE of them can have blocking enabled. Given the overhead with this (maintenance, system resources) I really think it's better to stick to one.
-
hmm both of them have blocking 'enabled'.. unless one of them isn't actually blocking as you say!
![pfsense1.jpg
![pfsense1.jpg_thumb -
Both use the same pf table to implement blocking, so if you enable blocking on both packages they will conflict with each other. As @doktornotor stated, choose one of the packages and use just that one. No advantage to using both.
Bill
-
Thanks! I removed suricata.
-
I found this amusing –
"pfblocker is the gate in the fence, snort is the more paranoid security guard checking papers for the stuff that was allowed through the gate."
I was thinking I would have two security guards using snort and suricata! .. but I guess that isn't really the case.