On 11/5/2015 12:06 PM, Sergii Cherkashyn wrote:
2. Is there any way to see what exact traffic/pattern triggered the Snort alert? I know how to find the description of the rule that the potentially harmful traffic matched, but I'm interested in seeing the exact traffic log that triggered the alert. I'd like to have more information before marking it as a false positive for my environment and starting to ignore or disable some rules.
Snort saves the packets that triggered the alert in pcap format. You can download these from pfSense and view them with Wireshark.
From Services > Snort > Alerts tab, by "Save or Remove Logs", click Download.

- John J.

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
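Once the pcap is downloaded, the remaining step is matching the alert record to the packet that fired it. The script below is an added example written for this thread, not code from pfSense or Snort: it parses a Snort alert_fast line for its protocol and address pair, walks a classic (non-pcapng) pcap with an Ethernet link type, decodes IPv4/TCP and IPv4/UDP, and returns the packets whose 5-tuple matches the alert. The alert line (a local rule SID in the 1000000+ range) and the three-packet capture are constructed inline so the script runs offline; with a real download you would read the pcap from the file pfSense gave you and paste in the alert line from the Alerts tab.

```python
"""Find the packet(s) behind a Snort alert_fast line in a downloaded pcap.

Added example, not pfSense or Snort code. Assumes: alert_fast format,
classic pcap (magic a1b2c3d4), Ethernet II link type, IPv4 with TCP or UDP.
"""
import re
import struct

# alert_fast layout: [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def parse_fast_alert(line):
    """Extract rule id, message, protocol and the address/port pair from one alert line."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError("not an alert_fast line: %r" % line)
    d = m.groupdict()
    return {
        "sid": (int(d["gid"]), int(d["sid"]), int(d["rev"])),
        "msg": d["msg"],
        "proto": d["proto"].upper(),
        "src": d["src"], "sport": int(d["sport"]) if d["sport"] else None,
        "dst": d["dst"], "dport": int(d["dport"]) if d["dport"] else None,
    }


def iter_pcap(data):
    """Yield (timestamp, frame bytes) from a classic pcap; reject pcapng and non-Ethernet captures."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("expected Ethernet link type 1, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_frame(frame):
    """Return (proto, src, sport, dst, dport, payload) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", l4[:4])
    if ip[9] == 6:                       # TCP: header length lives in the data-offset nibble
        return "TCP", src, sport, dst, dport, l4[(l4[12] >> 4) * 4:]
    if ip[9] == 17:                      # UDP: fixed 8-byte header
        return "UDP", src, sport, dst, dport, l4[8:]
    return None


def packets_for_alert(pcap_bytes, alert_line):
    """Return [(timestamp, l4 payload)] for every packet matching the alert's 5-tuple."""
    a = parse_fast_alert(alert_line)
    hits = []
    for ts, frame in iter_pcap(pcap_bytes):
        d = decode_frame(frame)
        if d is None:
            continue
        proto, src, sport, dst, dport, payload = d
        if (proto, src, dst) != (a["proto"], a["src"], a["dst"]):
            continue
        if a["sport"] is not None and sport != a["sport"]:
            continue
        if a["dport"] is not None and dport != a["dport"]:
            continue
        hits.append((ts, payload))
    return hits


# --- constructed sample data (not a real alert or capture) ---------------------
def _tcp_frame(src, sport, dst, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero, which parsing ignores."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split("."))) + tcp
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip


def build_pcap(frames):
    """Write a little-endian classic pcap (linktype 1) around the given frames."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", 1446725160 + i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return hdr + recs


SAMPLE_ALERT = ("11/05-12:06:00.000000  [**] [1:1000001:1] LOCAL sample rule [**] "
                "[Classification: Potentially Bad Traffic] [Priority: 2] "
                "{TCP} 10.0.0.5:80 -> 192.168.1.10:51234")

SAMPLE_PCAP = build_pcap([
    _tcp_frame("192.168.1.10", 51234, "10.0.0.5", 80, b"GET / HTTP/1.0\r\n\r\n"),
    _tcp_frame("10.0.0.5", 80, "192.168.1.10", 51234, b"HTTP/1.0 200 OK\r\n\r\nsample body"),
    _tcp_frame("192.168.1.10", 40000, "10.0.0.7", 443, b"\x16\x03\x01"),   # unrelated flow
])

if __name__ == "__main__":
    for ts, payload in packets_for_alert(SAMPLE_PCAP, SAMPLE_ALERT):
        print("%.6f %r" % (ts, payload))
```

Matching on the full 5-tuple rather than just the rule message is deliberate: the downloaded log holds packets from every alert, and a port-agnostic alert (no port shown for ICMP, for example) is handled by leaving that field unconstrained. If pfSense hands you a pcapng file or a non-Ethernet capture, the reader refuses it rather than misparsing, and Wireshark remains the right tool for those.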
