Hello Everyone,

I'm new on using snort and I'm needing to lean on your expertise. We've decided to use snort on our network and in doing so I've setup a small test lab away from the actual network to see how this IDS works. So here's the problem.....I can't get snort to show any logs. I want to be able to see if it's actually working or not.

I set up a stand-alone server with proxmox on it.

Created 2 VM's

One is Pfsense
The other is just a xp machine.

In proxmox interface.conf looks like this.

Config looks like this:
Auto lo
Iface lo inet loopback

Auto VMbr0
Iface vmbr0 inet static
                Bridge_ports eth0
                Bridge_stp off
                Bridge_fd 0

Auto vmbr1
Iface vmbr1 inet manual
                Bridge_ports eth1
                Bridge_stp off
                Bridge_fd 0

I did everything to spec in pfsense....its pretty straight forward.

1.       Setup the interface on pfsense to match in proxmox

2.       Downloaded the snort package

3.       Obtained a oinkmaster code

4.       Created the WAN interface in snort.

5.       Checked ALL the rules to activate them.

6.       Even restarted both pfsense and the snort service.

I just for some reason can't get the darn thing to log events....as a test. I activated teamviewer rules and tried to block an event and couldn't get it to do that. So my thinking is....Its somewhere at the interface. I just don't know what I need to do. Any help would be greatful!

