To: Morris, Andi <amor...@cardiffmet.ac.uk>;
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Security Onion alerts not triggering
Hi,
I created a unit test (https://github.com/inverse-inc/packetfence/pull/1759)
and can validate that the "security_on
Thanks Thierry, this fixed my issue.
Cheers,
Andi
From: Thierry Laurion [mailto:tlaur...@inverse.ca]
Sent: 07 October 2016 18:09
To: packetfence-users@lists.sourceforge.net
Cc: Morris, Andi <amor...@cardiffmet.ac.uk>
Subject: Re: [PacketFence-users] Security Onion alerts not triggeri
Hi,
The "detect" trigger matches numerical SIDs found in Snort and Suricata
generated "alert" logs, which have a different format than the
"digested" logs of SecurityOnion.
As an example, here is the kind of log that Suricata and Snort
generate when in "alert" mode:
'07/28/2015-09:09:59.431113
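To illustrate the format difference Thierry describes, here is an added example (not PacketFence's own pfdetect parser, and not code from anyone in this thread). It applies a regular expression for the well-known Snort/Suricata "fast" alert layout, where the rule identifier appears as `[gid:sid:rev]` between the `[**]` markers, and shows that the same expression finds nothing in a Security Onion `securityonion_ids` digested line, which is why a "detect" trigger keyed on a numeric SID never fires on those. The sample Snort and Suricata lines are constructed; the Security Onion line is the fragment quoted later in this thread. The regex and the helper names are this example's own assumptions.

```python
import re
from typing import Optional, Dict

# Snort/Suricata fast-alert layout (assumed here; not PacketFence's own regex):
#   <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {proto} src -> dst
FAST_ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
)

# Constructed sample lines (Suricata and Snort), not taken from a real sensor.
SURICATA_FAST = (
    "07/28/2015-09:09:59.431113  [**] [1:2100498:7] "
    "GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 10.0.0.1:80 -> 192.168.1.10:55555"
)
SNORT_FAST = (
    "10/07-14:23:40.123456  [**] [1:2100498:7] "
    "GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 10.0.0.1:80 -> 192.168.1.10:55555"
)
# Security Onion digested line, as quoted in this thread (truncated there as well).
SO_DIGESTED = (
    "Oct 7 14:23:40 idsman01 securityonion_ids: 14:23:40 pid(24921) "
    "Alert Received: 0 1"
)


def parse_fast_alert(line: str) -> Optional[Dict[str, str]]:
    """Return gid/sid/rev/msg from a Snort or Suricata fast-alert line.

    Returns None when the line does not carry the [gid:sid:rev] block,
    which is the case for Security Onion's digested sguil-style lines.
    """
    match = FAST_ALERT_RE.search(line)
    if match is None:
        return None
    return match.groupdict()


def detect_trigger_matches(line: str, trigger_sid: str) -> bool:
    """Model a pfdetect-style 'detect' trigger keyed on a numeric SID.

    The trigger fires only if the line parses as a fast alert AND its
    SID equals the configured trigger value.
    """
    parsed = parse_fast_alert(line)
    return parsed is not None and parsed["sid"] == trigger_sid


if __name__ == "__main__":
    for label, line in (("suricata", SURICATA_FAST),
                        ("snort", SNORT_FAST),
                        ("security onion", SO_DIGESTED)):
        print(label, "->", parse_fast_alert(line), "| trigger 2100498:",
              detect_trigger_matches(line, "2100498"))
```

Both native lines yield SID 2100498 and fire the trigger; the Security Onion line yields `None`, so a violation configured with that SID is never raised until the alert is presented in the native alert format.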
Make sure you apply the maintenance branch
(/usr/local/pf/addons/pf-maint.pl) as it contains fixes to a similar issue.
Regards,
- Julien
On 10/07/2016 10:26 AM, Morris, Andi wrote:
An update, I'm now getting the alerts hitting pfdetect, but they're still not
triggering the violation with the same ID.
pfdetect.log shows:
Oct 07 15:23:40 pfdetect(11814) INFO: alert received: 'Oct 7 14:23:40 idsman01
securityonion_ids: 14:23:40 pid(24921) Alert Received: 0 1