Hi all,

We have 2.2.4-RELEASE (amd64) with Snort 3.2.8.2 <https://github.com/pfsense/pfsense-packages/commits/master/config/snort> installed.

Two questions:

1. What tool or what pfSense menu should we use to read the Snort interface statistics? The format that is available via Snort Interface - Interface Logs - intX.stats log file is not user-friendly, and it's not possible to get any useful information from there.

2. Is there any way to see what exact traffic/pattern triggered the Snort alert? I know how to find the rule description that the potentially harmful traffic matched, but I'm interested in seeing the exact traffic log that triggered the alert. I'd like to have more information before marking it as a false positive for my environment and starting to ignore or disable some rules.

Let me know if I can provide more details.

Best regards,
Sergii Cherkashyn