Hi Cory, you use on pfsense squid in no transparent mode?

thanks

best regards,

fred

Le ven. 20 avr. 2018 19:31, Cory Juillerat <cjuillerat@ztlsd.org> a écrit :
Good afternoon,

I decided to recently try Snort mainly for the App ID capability.. I work at a school so students are always using social networking apps and streaming media apps. I created the WAN interface and started the Snort process on this interface. I am using the predefined balanced IPS policy and I also placed a check in all of the check boxes underneath Snort OPENAPPI Rules and Ruleset: ET Open Rules.

Now onto the issue I am having.. When I go to the alerts tab, most of what I see is Chrome and http traffic underneath description. There are no social networking or streaming services populating, even though I know people are using them. Does the free subscription just not have the most up to date App ID's, so nothing is coming up?

Thank you,


Cory Juillerat, M.S. 

Director of Technology

Phone: 740.772.7667

Email: cjuillerat@ztlsd.org

 

_______________________________________________
Snort-openappid mailing list
Snort-openappid@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!