Project

General

Profile

Bug #555

Problem With Snort and Barnyard2 Not Staying Enabled on pfSense

Added by Daniel Curtis over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Intrusion Detection/Prevention
Target version:
Start date:
02/07/2015
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:

Description

I recently added the Snort package to my pfSense 2.2-RELEASE firewall and setup a remote MySQL database to log the results using barnyard2. I started by setting up a a Snort interface for the WAN, added the categories that I wanted Snort to use, and setup barnyard2 to the database, user and host to log to. The Snort interface came up just fine, however when I added another Snort interface to monitor my LAN I began experiencing problems with either snort or barnyard2 not staying enabled and the results of snort not being sent to the remote MySQL server.

The Fix

After looking around in the Snort interface configuration under the Interface Barnyard2 tab, I found an option called Disable Signature Reference Table that I needed to make sure was checked on each of the multiple Snort interfaces created.

History

#1 Updated by Daniel Curtis over 5 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 70

#2 Updated by Daniel Curtis over 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 70 to 100

#3 Updated by Daniel Curtis over 5 years ago

  • Status changed from Resolved to Closed

#4 Updated by Daniel Curtis over 5 years ago

  • Target version set to pfSense 2.1.5

#5 Updated by Daniel Curtis over 5 years ago

  • Category set to Intrusion Detection/Prevention

Also available in: Atom PDF