Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath)

> ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------ next part -- An HTML attachment was scrubbed... -- Message:

Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath)

> I saw your suggestion regarding SecurityOnion however I am running Suricata > from a FreeBsd platform within Jails. > Security Onion doesn't offer that for me. The refactor also includes support for remote Suricata and Snort :) Cheers! dw. — Derek Wuelfrath dwuelfr...@inverse.ca ::

Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath)

Please state me the specific version of PacketFence you are running (cat /usr/local/pf/conf/pf-release) and I will point you the exact lines to change :) Thanks Cheers! dw. — Derek Wuelfrath dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) Inverse inc. :: Leaders

Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath)

Derek. At last mail I had told you that adapting the regex was problematic because what I had in my packet fence was very different from what you had described. "https://github.com/inverse-inc/packetfence/blob/devel/sbin/pfdetect#L103 Commenting out lines 103 to 131 and adding your new regex

Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath)

Chris, > - Remove the following check from pfcmd checkup > > https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/pfcmd/checkup.pm#L298 > Comment lines 298 to 303 > - > So my

[PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath)

Derek, in a previous mail you had stated that I should make some modifications to a few files. I'm having a bit of trouble interpreting what I should do. Hoping you can shed some wisdom here. Everything else is ready to go. Thanks. (quoting you from previous mail) - Remove the following check

[PacketFence-users] Suricata alerts to Packet Fence (Derek, Wuelfrath) (Boley, Chris)

is B?hring) 4. Integration with iBoss SSO (Morgan, Darren) -- Message: 1 Date: Wed, 14 Oct 2015 20:47:00 +0000 From: "Boley, Chris" <chrisbo...@cogentrix.com> Subject: [PacketFence-users] Suricata alerts to Packet

[PacketFence-users] Suricata alerts to Packet Fence (Derek Wuelfrath)

Hi Derek, on your last suggestion I basically replaced syslogd on freebsd with syslog-ng so as to more easily mimic your instructions: You had suggested some syslog-ng config changes. I put them verbatim right in the bottom of the cfg file without modifying anything else. Seemed like the easiest

Re: [PacketFence-users] Suricata alerts to Packet Fence (Derek Wuelfrath)

Sorry Derek, I neglected to follow the directions regarding subject line the first time round. It's vanilla FreeBSD 10.2 with Suricata running. It is not a combination of softwares. Thanks for your response. -Original Message- From: packetfence-users-requ...@lists.sourceforge.net