snajd
December 3rd, 2003, 15:59
Hi all.
I just read that you can have snort listening to pf's log interface and get a lot of nice functions, i.e. log to a mysql/postgres database.
The thing is that if I make snort listen on pflog0, I get no alerts at all. Read in a newsgroup that the reason probably is that pflogd defaults to snaplength 96, and that you should raise it to 1500. I have done it and still don't get any alerts.
I have read everywhere that I can think of (snort's manfiles, the docs on snort.org, google, etc), but can't seem to find anything anywhere.
Anyone who has successfully made snort listen as an IDS on pflog0, please reply!
:oops: :oops: :shock:
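One way to check whether snaplength truncation is actually in play, as an added example that is not part of the original post: read the header of a classic pcap capture (the format pflogd writes) and count records whose captured length is shorter than the on-wire length. The function names and the sample bytes are constructed for illustration; 117 is libpcap's DLT_PFLOG link type.

```python
import struct

DLT_PFLOG = 117  # libpcap link type for pf log captures


def build_sample(snaplen, wire_lens):
    """Constructed pcap bytes: each packet is cut to snaplen, as a capturer would."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, DLT_PFLOG)
    for n in wire_lens:
        cap = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, cap, n) + b"\x00" * cap
    return out


def inspect_pcap(data):
    """Return snaplen, link type and how many records were truncated."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"  # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"  # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    total = truncated = 0
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, caplen, wirelen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        total += 1
        if caplen < wirelen:
            truncated += 1  # payload past snaplen never reached the file
        offset += 16 + caplen
    return {"snaplen": snaplen, "is_pflog": linktype == DLT_PFLOG,
            "packets": total, "truncated": truncated}


if __name__ == "__main__":
    for snap in (96, 1500):
        print(snap, inspect_pcap(build_sample(snap, [60, 1500, 400])))
```

A non-zero truncated count means content rules had nothing beyond the first snaplen bytes of those packets to match against.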