Hello All! It is time! I am ready to commence integrating SNORT into my PF deployment.
*cue trumpets* I have 2 questions to start with: 1) does anyone have a list of snort violations you use to trigger a violation. I can compile my own but if anyone has already done this I would like to not re-invent the wheel. 2) How does PF integrate with SNORT? Does it just watch a log file looking for its list of signature IDs and firing off violations based on that? You see my SNORT server is external to my PF server and I need to know how to get the alerts PF is looking for over to my PF server. I can write a script / daemon to copy the alerts to the PF server but I have no idea what to do with them when they get there. As always, any help is greatly appreciated. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
