Services: Snort Snort 2.6.0.2 Snort Setup snort specific settings
Services
/pkg_edit.php?xml=snort.xml&id=0
/usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort.inc /usr/local/bin/ 077 http://www.pfsense.com/packages/config/snort/bin/snort2c /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_download_rules.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_rules.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_rules_edit.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_rulesets.php /usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort_whitelist.xml /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_blocked.php /usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php /usr/local/www/ 077 http://www.pfsense.com/packages/config/snort/snort_alerts.php /usr/local/pkg/pf/ 077 http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php /usr/local/pkg/pf/ 077 http://www.pfsense.com/packages/config/snort/snort_xmlrpc_sync.php /usr/local/pkg/ 077 http://www.pfsense.com/packages/config/snort/snort_advanced.xml snort snort.sh snort /usr/local/pkg/snort.inc Settings /pkg_edit.php?xml=snort.xml&id=0 Update Rules /snort_download_rules.php Categories /snort_rulesets.php Rules /snort_rules.php Blocked /snort_blocked.php Whitelist /pkg.php?xml=snort_whitelist.xml Alerts /snort_alerts.php Advanced /pkg_edit.php?xml=snort_advanced.xml&id=0 Interface iface_array Select all WAN type interfaces lan true 3 interfaces_selection Performance performance ac method is the fastest startup but consumes more a lot more memory. acs/ac-banded and ac-sparsebands/mwm/lowmem methods use quite a bit less. ac-sparsebands is recommended. select Oinkmaster code oinkmastercode Obtain a snort.org Oinkmaster code and paste here. input 60 Snort.org subscriber subscriber Check this box if you are a Snort.org subscriber (premium rules). checkbox 60 Block offenders blockoffenders Checking this option will automatically block hosts that generate a snort alert. checkbox 60 Update rules automatically automaticrulesupdate Checking this option will automatically check for and update rules once a week from snort.org. checkbox Whitelist VPNs automatically whitelistvpns Checking this option will install whitelists for all VPNs. checkbox Convert Snort alerts urls to clickable links clickablalerteurls Checking this option will automatically convert URLs in the Snort alerts tab to clickable links. checkbox Associate events on Blocked tab associatealertip Checking this option will automatically associate the blocked reason from the snort alerts file. checkbox Sync Snort configuration to secondary cluster members syncxmlrpc Checking this option will automatically sync the snort configuration via XMLRPC to CARP cluster members. checkbox sync_package_snort_reinstall(); sync_package_snort(); sync_package_snort(); snort_deinstall();