Jake, I just followed the instructions on the installation guide: https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_security_onion_2_3_10
SO has a tap interface to the interesting traffic. The only problem was that SO 2.4 has SELinux enabled and rsyslog couldn't read the file, so I had to do an seaudit for SELinux and then fix the SELinux settings to allow it to be read. Then I enabled the rule to isolate P2P traffic (the Snort example), which uses the same ID that Suricata and SO use. Started to download the Ubuntu ISO via BitTorrent and got isolated and presented with the P2P page. Working for my purposes at least.

On May 16, 2024, at 2:36 PM, Sallee, Jake via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Nate:

I am VERY curious to hear about how you are tying SO and PF together. I also am running both and am thinking of integrating them. I would like to hear your thoughts and experiences. Please feel free to start a new thread or contact me off-list if you are more comfortable there.

Jake Sallee
MANAGER OF INFORMATION SECURITY AND NETWORKS
Godfather of Bandwidth
UMHB Box 8005 | 900 College Street | Belton, Texas 76513
Office: 254.295.4658
umhb.edu <http://www.umhb.edu/>

________________________________
From: Nate Tremmel via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Wednesday, May 8, 2024 12:43 PM
To: PacketFence-users@lists.sourceforge.net
Cc: Nate Tremmel <n...@nathantremmel.com>
Subject: Re: [PacketFence-users] PF 13.1 Security Onion 2.4

SELinux was blocking syslog from reading the file.
> On May 8, 2024, at 10:32 AM, Nate Tremmel <n...@nathantremmel.com> wrote:
>
> Anyone using Security Onion 2.4 forwarding to PacketFence for Suricata
> events? I have configured as per the installation guide for the 2.3 version of
> Security Onion and I have the fast.log populating, but the syslog forwarding
> doesn't seem to be sending the fast.log to syslog on PacketFence. I can
> forward all Security Onion logs to PacketFence and I still don't see the
> fast logs coming through.

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
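The SELinux step in the thread (rsyslog on Security Onion 2.4 being denied read access to Suricata's fast.log) is the kind of thing that is easiest to diagnose from the AVC records in the audit log. The shell snippet below is an added example, not code from the thread, from PacketFence or from Security Onion: it summarises AVC denials for a given process name so you can see exactly which permission, source type, target type and object class are involved before touching policy. The audit lines, the `/var/log/suricata/fast.log` path and the `var_t` label on the target file are constructed for the example; on a real box you would feed it `ausearch -m avc -ts recent` output or `/var/log/audit/audit.log`.

```sh
#!/bin/sh
# Added example (not from the PacketFence/Security Onion thread): triage
# SELinux AVC denials for a process. Audit lines below are CONSTRUCTED for
# the example; real ones come from /var/log/audit/audit.log or
# `ausearch -m avc -ts recent`.
SAMPLE_AUDIT='type=AVC msg=audit(1715800000.123:456): avc:  denied  { read } for  pid=1234 comm="rsyslogd" name="fast.log" dev="dm-0" ino=789 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1715800001.456:457): avc:  denied  { open } for  pid=1234 comm="rsyslogd" path="/var/log/suricata/fast.log" dev="dm-0" ino=789 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1715800002.789:458): avc:  denied  { write } for  pid=2222 comm="httpd" name="index.html" dev="dm-0" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_source: emit the audit text to scan. Uses the file named in $AUDIT_LOG
# when set (assumed path, e.g. /var/log/audit/audit.log), else the sample.
avc_source() {
    if [ -n "$AUDIT_LOG" ]; then
        cat "$AUDIT_LOG"
    else
        printf '%s\n' "$SAMPLE_AUDIT"
    fi
}

# avc_summary COMM: one de-duplicated line per denial for that process, in
# the form "<permission> <source type> <target type> <object class>". This
# is the same information audit2allow would turn into an allow rule, so you
# can sanity-check it (is rsyslogd really touching var_t? should the log be
# relabelled instead?) before generating any policy.
avc_summary() {
    comm="$1"
    avc_source \
    | grep 'avc:  denied' \
    | grep "comm=\"$comm\"" \
    | sed -n 's/.*denied  { \([a-z_]*\) }.*scontext=[^:]*:[^:]*:\([a-z_]*\):[^ ]* tcontext=[^:]*:[^:]*:\([a-z_]*\):[^ ]* tclass=\([a-z_]*\).*/\1 \2 \3 \4/p' \
    | sort -u
}

# avc_count COMM: number of distinct denial tuples for that process.
avc_count() {
    avc_summary "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: show what rsyslogd was denied.
echo "Distinct AVC denials for rsyslogd: $(avc_count rsyslogd)"
avc_summary rsyslogd
```

Run against the constructed data, `avc_summary rsyslogd` reports `open` and `read` on `file` objects from `syslogd_t` to `var_t`, and nothing from the unrelated `httpd` denial. If the target type turns out to be a generic label like that, relabelling the log directory into a type syslogd already reads (for example `semanage fcontext -a -t var_log_t '/var/log/suricata(/.*)?'` followed by `restorecon -Rv /var/log/suricata`, path assumed) is usually cleaner than a custom module; if you do go the module route, `audit2allow -a -M local_rsyslog` and `semodule -i local_rsyslog.pp` are the standard commands, and the summary above tells you exactly what that module will grant.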