Project

General

Profile

Bug #555

Problem With Snort and Barnyard2 Not Staying Enabled on pfSense

Added by Daniel Curtis almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Intrusion Detection/Prevention
Target version:
Start date:
02/07/2015
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:

Description

I recently added the Snort package to my pfSense 2.2-RELEASE firewall and setup a remote MySQL database to log the results using barnyard2. I started by setting up a a Snort interface for the WAN, added the categories that I wanted Snort to use, and setup barnyard2 to the database, user and host to log to. The Snort interface came up just fine, however when I added another Snort interface to monitor my LAN I began experiencing problems with either snort or barnyard2 not staying enabled and the results of snort not being sent to the remote MySQL server.

The Fix

After looking around in the Snort interface configuration under the Interface Barnyard2 tab, I found an option called Disable Signature Reference Table that I needed to make sure was checked on each of the multiple Snort interfaces created.

Also available in: Atom PDF