Greetings, I have Suricata configured to forward logs via UDP to the PF management IP. It looks like UDP port 514 is already open on a vanilla PF install?
I have added and enabled the Suricata Syslog Parser and created the fifo alert pipe. What else remains to be done in order to start building violations against Suricata events?
