amiracle / homemonitor

Splunk app for home | monitor >

Snort Logs from pfSense? #1

Closed cawilliamson closed 9 years ago

cawilliamson commented 9 years ago

Hey there!

I've got your homemonitor app setup in Splunk but am having trouble enabling Snort logs.

As you can see from the screenshot below - the "Intrusion Detection" area simply shows "N/A" and I cannot find any instructions on your blog on how to enable this. Advice?

image

Thanks!

amiracle commented 9 years ago

This search is actually a simple search that does not use snort. What I did was run a search to see how many connections from a src_ip, that is not a local address, talking to a non-local dest_ip.
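The logic described in the comment above, as an added Python example that is not part of the thread or the homemonitor app's own search. Only the `src_ip` and `dest_ip` field names come from the comment; the list of local ranges, the function names and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed definition of "local": private, loopback and link-local ranges.
# Listed explicitly so the boundary is visible and easy to adjust.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed firewall events (documentation address ranges stand in for
# public hosts); a real feed would come from the pfSense logs in Splunk.
SAMPLE_EVENTS = [
    {"src_ip": "203.0.113.7", "dest_ip": "198.51.100.20"},
    {"src_ip": "203.0.113.7", "dest_ip": "198.51.100.20"},
    {"src_ip": "192.168.1.10", "dest_ip": "198.51.100.53"},  # local source
    {"src_ip": "192.0.2.44", "dest_ip": "192.168.1.10"},     # local destination
    {"src_ip": "192.0.2.44", "dest_ip": "198.51.100.20"},
    {"src_ip": "-", "dest_ip": "198.51.100.20"},             # unparsable field
    {"src_ip": "10.0.0.5", "dest_ip": "172.16.3.9"},         # local to local
]


def is_local(value):
    """Return True/False for a parsable address, None if it cannot be parsed."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    return any(ip in net for net in LOCAL_NETS)


def count_external_pairs(events):
    """Count events per src_ip where neither src_ip nor dest_ip is local.

    Returns (Counter keyed by src_ip, number of events skipped as unparsable).
    """
    counts, skipped = Counter(), 0
    for event in events:
        src = is_local(event.get("src_ip", ""))
        dest = is_local(event.get("dest_ip", ""))
        if src is None or dest is None:
            skipped += 1          # keep malformed events visible, not silent
        elif not src and not dest:
            counts[event["src_ip"]] += 1
    return counts, skipped
```

A count like this is a connection tally, not IDS output: it says nothing about whether the traffic matched a Snort rule.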

cawilliamson commented 9 years ago

Ah that makes sense.

In that case I'll close the case.

Thank you for your help!

amiracle commented 9 years ago

No problem, I will eventually get to adding some support for snort, but for now I'll just use some more basic searches. I'm open to any suggestions on how to leverage the data pfSense captures from the snort sensor.