Hi Cory, you use on pfsense squid in no transparent mode?


best regards,


Le ven. 20 avr. 2018 19:31, Cory Juillerat <cjuillerat@ztlsd.org> a écrit :
Good afternoon,

I decided to recently try Snort mainly for the App ID capability.. I work at a school so students are always using social networking apps and streaming media apps. I created the WAN interface and started the Snort process on this interface. I am using the predefined balanced IPS policy and I also placed a check in all of the check boxes underneath Snort OPENAPPI Rules and Ruleset: ET Open Rules.

Now onto the issue I am having.. When I go to the alerts tab, most of what I see is Chrome and http traffic underneath description. There are no social networking or streaming services populating, even though I know people are using them. Does the free subscription just not have the most up to date App ID's, so nothing is coming up?

Thank you,

Cory Juillerat, M.S. 

Director of Technology

Phone: 740.772.7667

Email: cjuillerat@ztlsd.org


Snort-openappid mailing list

Please visit http://blog.snort.org to stay current on all the latest Snort news!