ugh....that's what I thought. I'm reading through some OSSEC docs right now and it seems pretty promising. Having trouble finding anything about having it read from pflog. ________________________________________ From: Andres Genovez [andresgeno...@gmail.com] Sent: Tuesday, January 03, 2012 3:04 PM To: Bentley, Dain Cc: misc@openbsd.org Subject: Re: PF Snort tutorial
2012/1/3 Bentley, Dain <dbent...@nas.edu<mailto:dbent...@nas.edu>> I've been looking around for a good tutorial on implementing snort with PF and everything I see is old, does anyone know of or have implemented a solution using an IDS/IPS with PF on the same box? If possible I'd like snort of some other IDS inspect packets and have pf drop them based on the fact they match certain signatures. Thanks in advance. Implimenting that is really a Pain in the hell out......I did it on a 4.9, i need to do it from sources, there is no complete tutorial, it works on 4.9, not implemented with PF tought... Greetings... -- Atentamente Andris Genovez Tobar / Tecnico Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT http://www.puntonet.ec