[Snort-openappid] Using Snort on pfsense
frederic.lubrano at gmail.com
Fri Apr 20 13:52:45 EDT 2018
Hi Cory, you use on pfsense squid in no transparent mode?
Le ven. 20 avr. 2018 19:31, Cory Juillerat <cjuillerat at ztlsd.org> a écrit :
> Good afternoon,
> I decided to recently try Snort mainly for the App ID capability.. I work
> at a school so students are always using social networking apps and
> streaming media apps. I created the WAN interface and started the Snort
> process on this interface. I am using the predefined balanced IPS policy
> and I also placed a check in all of the check boxes underneath Snort
> OPENAPPI Rules and Ruleset: ET Open Rules.
> Now onto the issue I am having.. When I go to the alerts tab, most of what
> I see is Chrome and http traffic underneath description. There are no
> social networking or streaming services populating, even though I know
> people are using them. Does the free subscription just not have the most up
> to date App ID's, so nothing is coming up?
> Thank you,
> Cory Juillerat, M.S.
> Director of Technology
> *Phone: *740.772.7667
> *Email:* cjuillerat at ztlsd.org
> Snort-openappid mailing list
> Snort-openappid at lists.snort.org
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-openappid