> I saw your suggestion regarding SecurityOnion; however, I am running Suricata
> from a FreeBSD platform within Jails.
> Security Onion doesn't offer that for me.

The refactor also includes support for remote Suricata and Snort :)

Cheers!
dw.

--
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> On Nov 4, 2015, at 10:46 AM, Boley, Chris <chrisbo...@cogentrix.com> wrote:
>
> Derek. At last mail I had told you that adapting the regex was problematic
> because what I had in my PacketFence was very different from what you had
> described.
> "https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L103
> Commenting out lines 103 to 131 and adding your new regex code afterward"
> According to the changelog in my system, the last commit date showed:
> Date: Fri Jul 24 10:34:46 2015 -0400
> I'm pretty sure my version is 5.3.1.
>
> So again:
> Where/how should I apply your suggested regex code seen below?
>
> if ( $_ =~ /^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+?)\].+?\}\s+(.+?):.+?>\s(.+?):/ ) {
>     $date  = $1;
>     $sid   = $2;
>     $descr = $3;
>     $srcip = $5;
>     $dstip = $6;
> } else {
>     $logger->warn("unknown input: $_ ");
>     next;
> }
>
> =======================================================================
> I saw your suggestion regarding SecurityOnion; however, I am running Suricata
> from a FreeBSD platform within Jails.
> Security Onion doesn't offer that for me.
> Thanks!
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
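A stand-alone way to check the regex quoted above against your own Suricata or Snort output before editing pfdetect (an added example, not code from the thread or from PacketFence). The two syslog-style alert lines are constructed; the second one is an ICMP alert, which carries no ports and therefore falls into the "unknown input" branch, a failure mode worth knowing about before trusting the parser in production.

```perl
#!/usr/bin/perl
# Stand-alone check of the pfdetect alert regex from the thread.
# Added example, not pfdetect code; both log lines below are constructed.
use strict;
use warnings;

# Constructed syslog-prefixed alert lines in the shape the regex expects:
#   <Mon> <day> <hh:mm:ss> <host> <tag>: [gid:sid:rev] <msg>
#   [Classification: <class>] [Priority: <n>] {<proto>} <src>:<port> -> <dst>:<port>
my @lines = (
    'Nov  4 10:46:12 ids1 suricata[2211]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root'
      . ' [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234',
    # ICMP alerts carry no ports, so there is no ":" after either address and
    # the regex cannot match; pfdetect would log "unknown input" and skip it.
    'Nov  4 10:46:13 ids1 suricata[2211]: [1:2100366:8] GPL ICMP_INFO PING *NIX'
      . ' [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10',
);

# Same regex as in the thread; $4 (the classification) is captured but
# unused by the quoted pfdetect snippet, so it is returned here for inspection.
sub parse_alert {
    my ($line) = @_;
    if ( $line =~ /^(.+?\s\d+\s\d+:\d+:\d+)\s+.+?\[\d+:(\d+):\d+\]\s+(.+?)\s+\[.+?\s+(.+?)\].+?\}\s+(.+?):.+?>\s(.+?):/ ) {
        return {
            date  => $1, sid   => $2, descr => $3,
            class => $4, srcip => $5, dstip => $6,
        };
    }
    return;    # undef: the line would hit the "unknown input" branch
}

for my $line (@lines) {
    my $rec = parse_alert($line);
    if ($rec) {
        printf "%-6s %s\n", $_, $rec->{$_} for qw(date sid descr class srcip dstip);
    }
    else {
        print "unknown input: $line\n";
    }
    print "\n";
}
```

Replace the constructed lines with a few real lines from your own alert log to see exactly which fields land in $date, $sid, $descr, $srcip and $dstip, and which lines pfdetect would drop.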