[Snort-users] Snort and SQL database

Jeremy Hoel jthoel at ...11827...
Fri Feb 1 18:46:00 EST 2013


Well, assuming PFSense is a firewall and reporting on every
block/pass/whatever of traffic.. that will look completely different
than a snort alert which only reports on traffic that hit against a
rule; they are not the same thing.  You could have valid traffic all
day long and never trigger an alert.. but the firewall logs might be
busy logging all traffic.

But I could be missing the point of your question completely.



On Fri, Feb 1, 2013 at 11:22 PM, Josh Bitto <jbitto at ...16055...> wrote:
> I have, after a week of battling with this, finally got everything going on snort and am now using barnyard2 to send the alerts to mysql... However, when I export the data from the sql database it doesn't look the same at all as the report in pfsense...
>
> I used barnyard2’s schema file to create the database and I’m not sure if that has something to do with it.
>
>
> Any suggestions?



