[Snort-openappid] Using Snort on pfsense

Frederic Lubrano frederic.lubrano at gmail.com
Fri Apr 20 13:52:45 EDT 2018


Hi Cory, you use on pfsense squid in no transparent mode?

thanks

best regards,

fred

Le ven. 20 avr. 2018 19:31, Cory Juillerat <cjuillerat at ztlsd.org> a écrit :

> Good afternoon,
>
> I decided to recently try Snort mainly for the App ID capability.. I work
> at a school so students are always using social networking apps and
> streaming media apps. I created the WAN interface and started the Snort
> process on this interface. I am using the predefined balanced IPS policy
> and I also placed a check in all of the check boxes underneath Snort
> OPENAPPI Rules and Ruleset: ET Open Rules.
>
> Now onto the issue I am having.. When I go to the alerts tab, most of what
> I see is Chrome and http traffic underneath description. There are no
> social networking or streaming services populating, even though I know
> people are using them. Does the free subscription just not have the most up
> to date App ID's, so nothing is coming up?
>
> Thank you,
>
>
> Cory Juillerat, M.S.
>
> Director of Technology
>
> *Phone: *740.772.7667
>
> *Email:* cjuillerat at ztlsd.org
>
>
> _______________________________________________
> Snort-openappid mailing list
> Snort-openappid at lists.snort.org
> https://lists.snort.org/mailman/listinfo/snort-openappid
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20180420/ce2982d2/attachment.html>


More information about the Snort-openappid mailing list