Hi Jake,

First of all, if you plan to have a big load, choose Suricata instead of Snort. Suricata is multi-threaded, it uses the same rules as Snort, and it is integrated in PacketFence just as Snort is.
1) I'll let the community provide you with that.

2) You have to install packetfence_remote_snort_sensor from the Inverse repo (http://www.packetfence.org/downloads/PacketFence/RHEL6/x86_64/RPMS/packetfence-remote-snort-sensor-4.1.0-1.el6.noarch.rpm).

It will parse the logs of your IDS and make calls to PacketFence over HTTPS, to your webservices daemon (port 9090).

Regards,
Loick
--
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
gtalk or skype : lpelet.inverse

On Jan 14, 2014, at 4:40 PM, Sallee, Stephen (Jake) <[email protected]> wrote:

> Hello All!
>
> It is time! I am ready to commence integrating SNORT into my PF deployment.
>
> *cue trumpets*
>
> I have 2 questions to start with:
>
> 1) Does anyone have a list of snort violations you use to trigger a violation? I can compile my own, but if anyone has already done this I would like to not re-invent the wheel.
>
> 2) How does PF integrate with SNORT? Does it just watch a log file looking for its list of signature IDs and firing off violations based on that?
>
> You see, my SNORT server is external to my PF server and I need to know how to get the alerts PF is looking for over to my PF server.
>
> I can write a script / daemon to copy the alerts to the PF server, but I have no idea what to do with them when they get there.
>
> As always, any help is greatly appreciated.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
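The log-parsing step described in the reply above, as an added example that is not part of the original thread and is not the code of PacketFence's remote sensor: it parses Snort/Suricata "fast" alert lines, keeps only a chosen set of signature IDs, and collapses repeats per source host before anything would be sent on. The SIDs, addresses and log lines are constructed, the payload field names are hypothetical, and no network call is made.

```python
import re

# Snort/Suricata "fast" alert line (IPv4 only in this sketch):
# <ts> [**] [gid:sid:rev] <msg> [**] [...] {PROTO} src[:port] -> dst[:port]
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*\{(?P<proto>\w+)\}\s+"
    rf"(?P<src>{IP})(?::\d+)?\s+->\s+(?P<dst>{IP})(?::\d+)?\s*$"
)

# Constructed sample data: local-rule SIDs (>= 1000000), private/documentation IPs.
TRIGGER_SIDS = {1000001, 1000002}
SAMPLE_LOG = """\
01/14-16:40:01.100000  [**] [1:1000001:1] LOCAL P2P client traffic [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.5.23:51234 -> 192.0.2.10:6881
01/14-16:40:02.200000  [**] [1:1000001:1] LOCAL P2P client traffic [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.0.5.23:51235 -> 192.0.2.11:6881
01/14-16:40:03.300000  [**] [1:1000099:2] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.5.40 -> 10.0.5.1
this line is truncated [**] [1:1000002
01/14-16:40:05.500000  [**] [1:1000002:4] LOCAL IRC bot check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.5.77:40000 -> 192.0.2.50:6667
"""

def parse_fast_alert(line):
    """Return a dict for one fast-format alert line, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return {**m.groupdict(), "sid": int(m["sid"])}

def select_events(lines, trigger_sids):
    """Keep alerts whose SID is in trigger_sids, once per (source IP, SID)."""
    seen, out = set(), []
    for line in lines:
        ev = parse_fast_alert(line)
        if ev is None or ev["sid"] not in trigger_sids:
            continue
        key = (ev["src"], ev["sid"])
        if key not in seen:
            seen.add(key)
            out.append(ev)
    return out

def to_payload(ev):
    """Hypothetical body for the HTTPS call; field names are assumptions."""
    return {"srcip": ev["src"], "sid": ev["sid"], "msg": ev["msg"]}

if __name__ == "__main__":
    print([to_payload(e) for e in select_events(SAMPLE_LOG.splitlines(), TRIGGER_SIDS)])
```

Filtering and de-duplicating on the sensor side keeps a noisy rule from producing one web-service call per packet for the same host.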
