Services: Snort Snort 2.6.0.2 Snort Setup snort specific settings
Services
/pkg_edit.php?xml=snort.xml&id=0
/usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort.inc /usr/local/bin/ 077 http://www.pfsense.com/packages/config/snort/bin/snort2c /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_download_rules.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_rulesets.php /usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort_whitelist.xml /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_blocked.php /usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_alerts.php /usr/local/pkg/pf/ 077 http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php /usr/local/pkg/pf/ 077 http://www.pfsense.com/packages/config/snort/snort_xmlrpc_sync.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_advanced.php snort snort.sh snort /usr/local/pkg/snort.inc Snort Settings /pkg_edit.php?xml=snort.xml&id=0 Update Snort Rules /snort_download_rules.php Snort Rulesets /snort_rulesets.php Snort Blocked /snort_blocked.php Snort Whitelist /pkg.php?xml=snort_whitelist.xml Snort Alerts /snort_alerts.php Snort Advanced /pkg_edit.php?xml=snort_advanced.xml&id=0 Interface iface_array Select all WAN type interfaces lan true 3 interfaces_selection Performance performance ac method is the fastest startup but consumes more a lot more memory. acs/ac-banded and ac-sparsebands/mwm/lowmem methods use quite a bit less. select Oinkmaster code oinkmastercode Obtain a snort.org Oinkmaster code and paste here. input 60 Block offenders blockoffenders Automatically block hosts that generate a snort alert. checkbox 60 Update rules automatically automaticrulesupdate Automatically check for and update rules once a week from snort.org. checkbox Whitelist VPNs automatically whitelistvpns Checking this option will install whitelists for all VPNs. checkbox Convert Snort alerts urls to clickable links clickablalerteurls Checking this option will automatically convert URLs in the Snort alerts tab to clickable links. checkbox Associate events on Blocked tab associatealertip Checking this option will automatically associate the blocked reason from the snort alerts file. checkbox Sync Snort configuration to secondary cluster members syncxmlrpc Checking this option will automatically sync the snort configuration via XMLRPC to CARP cluster members. checkbox sync_package_snort_reinstall(); sync_package_snort(); sync_package_snort(); snort_deinstall();