Author Topic: How to make PFsense more senses by configuring the Snort  (Read 141 times)

luke1018
How to make PFsense more senses by configuring the Snort
« on: December 04, 2017, 09:06:51 pm »
I realized the SNORT module is not capturing the correct and useful information. How can I configure it to be able to capture the data?

Is there anything I need to install?

NogBadTheBad
Re: How to make PFsense more senses by configuring the Snort
« Reply #1 on: December 05, 2017, 03:18:06 am »
Look in Services -> Snort -> Alerts.

I've found it's better to run Snort on the internal interface, as if you use it on the WAN it logs the WAN address, not the client that is NATted.