Hello Jake,
You can use
http://inverse.ca/downloads/PacketFence/CentOS6/x86_64/RPMS/packetfence-remote-snort-sensor-4.0.3-1.el6.noarch.rpm
as a remote sensor.

In fact you just have to set an alert file in the snort configuration:

    outputs:
      # a line based alerts log similar to Snort's fast.log
      - fast:
          enabled: yes
          filename: alert
          append: yes
          filetype: regular

and in the initrd file pfdetectd you can set the path to the alert file
(by default it's /var/log/snort-compat/alert), then
mkfifo /var/log/snort-compat/alert and launch snort and pfdetectd.

PS: you can use Suricata.

Regards,
Fabrice
On 2013-07-30 16:41, Sallee, Stephen (Jake) wrote:
Hello all-mighty Devs!
I am working on integrating PacketFence with another tool called
Security Onion.
I use the term integrating very loosely.
Security Onion has the ability to aggregate several SNORT sensors into
a single interface that can be queried for reporting and nice pretty
charts via snorby : )
My goal is to use this aggregation point to report the SNORT event it
sees to PF.
What I need to know from the PF team is how does PF integrate with
SNORT? Is it enough to simply get the alerts to PF? Is there a
daemon that PF uses to listen for SNORT alerts?
I have read the admin guide and it talks about using SNORT locally on
the PF box, but my scenario would be a remote SNORT server. If I can
find out what PF is looking for as far as SNORT is concerned, I can
make sure to deliver the info in a way that PF is happy with.
Any information is greatly appreciated.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-devel mailing list
PacketFence-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-devel
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
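The hand-off Fabrice describes is: the sensor writes one alert per line in the "fast" format into /var/log/snort-compat/alert, that path is a FIFO created with mkfifo, and pfdetectd reads it. The following is an added example, not PacketFence's pfdetect code nor anything from the Inverse packages: it shows what a reader on the other end of that FIFO has to do, namely parse each fast-format line into the fields (sid, source IP, protocol, ports) that a NAC needs to turn an IDS alert into an action against a host. It assumes IPv4 addresses and the Snort/Suricata fast line layout; the sample lines are constructed for the example, not captured from a sensor.

```python
import re
from typing import Iterator, Optional

# One line of the "fast" alert format that Snort writes to its alert file and that
# Suricata's `fast` output reproduces. Assumptions for this example: IPv4 only,
# and the port is optional because ICMP alerts carry none.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_alert(line: str) -> Optional[dict]:
    """Parse one fast-format alert line; return None for lines that do not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "gid": int(d["gid"]),
        "sid": int(d["sid"]),
        "rev": int(d["rev"]),
        "msg": d["msg"],
        "classification": d["classification"],
        "priority": int(d["priority"]),
        "proto": d["proto"],
        "src_ip": d["src"],
        "src_port": int(d["sport"]) if d["sport"] else None,
        "dst_ip": d["dst"],
        "dst_port": int(d["dport"]) if d["dport"] else None,
    }


def read_alerts(path: str) -> Iterator[dict]:
    """Yield parsed alerts from a FIFO or a regular file, skipping unparseable lines.

    Opening a FIFO for reading blocks until the sensor opens it for writing,
    which is the coupling the mkfifo step above sets up.
    """
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            alert = parse_fast_alert(line)
            if alert is not None:
                yield alert


# Constructed sample lines (not captured from a real sensor): a TCP alert with
# Suricata's date style, an ICMP alert with Snort's date style and no ports,
# and a malformed line that a reader must tolerate without crashing.
SAMPLE_LINES = [
    "07/30/2013-16:41:00.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check "
    "returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 10.1.2.3:80 -> 192.168.1.50:51234",
    "07/30-16:41:01.000001  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 10.1.2.3",
    "this is not an alert line",
]


def demo() -> list:
    """Parse the constructed samples; the stand-alone run below prints them."""
    return [a for a in (parse_fast_alert(line) for line in SAMPLE_LINES) if a]


if __name__ == "__main__":
    for alert in demo():
        print(alert["sid"], alert["src_ip"], "->", alert["dst_ip"], alert["msg"])
```

To consume the FIFO instead of the samples, call `read_alerts("/var/log/snort-compat/alert")` after the mkfifo step and before the sensor starts writing; the sid is the value a NAC matches against its configured triggers, and the source IP is the host it acts on, so those two fields are the ones to validate before doing anything with an alert that arrives over a remote sensor path.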