Snort Logs from pfSense?

[cawilliamson]

Hey there!

I've got your homemonitor app setup in Splunk but am having trouble enabling Snort logs.

As you can see from the screenshot below - the "Intrusion Detection" area simply shows "N/A" and I cannot find any instructions on your blog on how to enable this. Advice?

Thanks!

[amiracle]

This search is actually a simple search that does not use snort. What I did was run a search to see how many connections from a src_ip, that is not a local address, talking to a non-local dest_ip.

[cawilliamson]

Ah that makes sense.

In that case I'll close the case.

Thank you for your help!

[amiracle]

No problem, I will eventually get to adding some support for snort, but for now I'll just use some more basic searches. I'm open to any suggestions on how to leverage the data pfSense captures from the snort sensor.