Author Topic: Get Snort Alerts out of pfSense for email alerting?  (Read 2204 times)

mevans336
Get Snort Alerts out of pfSense for email alerting?
« on: June 26, 2012, 07:27:04 pm »
Hello Everyone,

For those of you who have managed to get your Snort alerts out of pfSense and onto another machine for parsing or email alert generation, what solution have you found to be effective and reliable?

I'm especially interested in email alert generation.

Thanks!

mevans336
Re: Get Snort Alerts out of pfSense for email alerting?
« Reply #1 on: June 29, 2012, 03:22:13 pm »
Yikes, no one?

Should I break Snort out onto its own box for enhanced functionality or is there another recommended IDS?

judex
Re: Get Snort Alerts out of pfSense for email alerting?
« Reply #2 on: June 29, 2012, 04:58:10 pm »
"Enhanced functionality"? At the moment it would be great, if it would work at all...
2.1-RELEASE (amd64)
built on Wed Sep 11 18:17:48 EDT 2013
FreeBSD 8.3-RELEASE-p11

mevans336
Re: Get Snort Alerts out of pfSense for email alerting?
« Reply #3 on: June 29, 2012, 05:36:31 pm »
"Enhanced functionality"? At the moment it would be great, if it would work at all...

I don't have a problem with Snort generating alerts. That part works fine for me. (Sorry, my two Snort installations work fine.)

I'd just like to know if anyone has a scheme for getting those alerts out of pfSense and generating emails based upon them.

Koti
Re: Get Snort Alerts out of pfSense for email alerting?
« Reply #4 on: July 31, 2012, 12:34:24 am »
Why don't you send the Snort alerts to some external syslog server and get email alerting?

 :)
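
One way to act on the syslog suggestion above, as an added example that is not part of the original posts: a script for the log host that parses Snort alert lines and builds a single digest email. It assumes the alerts arrive in Snort's syslog alert line format; the sample lines, SIDs, addresses, mail addresses and relay name are constructed.

```python
import re
import smtplib
from collections import Counter
from email.message import EmailMessage

# Snort syslog alert: [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for lines that are not Snort alerts."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def build_digest(lines, max_priority=2, sender="ids@example.invalid",
                 recipient="soc@example.invalid"):
    """Build one email for alerts with priority <= max_priority (1 is most severe)."""
    alerts = [a for a in map(parse_alert, lines) if a and a["prio"] <= max_priority]
    if not alerts:
        return None  # nothing severe enough: send no mail
    counts = Counter((a["prio"], a["sid"], a["msg"]) for a in alerts)
    rows = sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1]))
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Only counts go into the header; text taken from the log stays in the body.
    msg["Subject"] = f"Snort: {len(alerts)} alerts, {len(counts)} signatures"
    msg.set_content("\n".join(
        f"prio={p} sid={sid} count={n} {text}" for (p, sid, text), n in rows))
    return msg

def send(msg, relay="localhost"):
    """Hand the digest to an SMTP relay (relay name is an assumption)."""
    with smtplib.SMTP(relay) as smtp:
        smtp.send_message(msg)

# Constructed sample syslog lines (documentation addresses, local-range SIDs).
SAMPLE = [
    "Jul 31 08:29:28 fw snort[4242]: [1:1000001:1] Constructed rule A [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22",
    "Jul 31 08:29:30 fw snort[4242]: [1:1000001:1] Constructed rule A [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.0.2.10:22",
    "Jul 31 08:29:31 fw snort[4242]: [1:1000002:1] Constructed rule B [Priority: 3] {UDP} 198.51.100.4:53 -> 192.0.2.10:33000",
    "Jul 31 08:30:00 fw sshd[99]: Accepted publickey for admin from 192.0.2.50 port 40022",
    "Jul 31 08:30:05 fw snort[4242]: [1:1000003:2] Constructed rule C [Classification: Misc activity] [Priority: 2] {ICMP} 198.51.100.9 -> 192.0.2.10",
]
```

Run `build_digest` over each batch of new log lines (for example from a periodic job) and pass a non-`None` result to `send`, so a burst of identical alerts produces one message instead of one per alert.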

kevross33
Re: Get Snort Alerts out of pfSense for email alerting?
« Reply #5 on: July 31, 2012, 08:29:28 am »
Use unified2 and barnyard in the Snort package to write it off to an external database and use Snorby (snorby.org) to email you reports.

mevans336
Re: Get Snort Alerts out of pfSense for email alerting?
« Reply #6 on: August 01, 2012, 02:20:06 pm »
Use unified2 and barnyard in the Snort package to write it off to an external database and use Snorby (snorby.org) to email you reports.

I tried this, but I could never get anything to populate in Snorby. I'll research it again.

You wouldn't happen to know of a good how-to on the web, would you?