Author Topic: Snort syslog  (Read 80 times)

token
Snort syslog
« on: February 24, 2018, 04:01:26 pm »
Hello all, I have 3 Snort interfaces, WAN, LAN and DMZ, all with barnyard2 running and my Splunk indexer IP inputted. The WAN and LAN logs have been coming in, but not the DMZ's. I have since triple-checked the settings, Splunk IP, drop-down settings etc. to mirror the working setups of WAN and LAN. Even though I did not see action=blocked logs (in case a firewall rule itself was somehow the culprit), I still made a firewall rule to let DMZ talk to LAN (where the Splunk server is) just in case; still no input. I'm not strong on pfSense or networking in general, so I'm sure I'm derping something up, such as a gateway setting or some kind of routing, but with the allow-all rule for DMZ to LAN, a machine on my DMZ is able to ping LAN hosts. Regardless, I imagine the Splunk DMZ interface alert logs should not have routing relevance in regards to the DMZ range. Are there some settings snippets I should post up?