Re: PF Snort tutorial

2012-01-04 Thread Peter N. M. Hansteen
"Wesley M." writes: > Perhaps, this can be helpful ;-) > http://www.procyonlabs.com/guides/openbsd/snort/ It's possible it's quite valid for the Snort parts, but unfortunately this HOWTO shows several of the features typical of docs maintained by people who are not, in fact, terribly familiar wi

Re: PF Snort tutorial

2012-01-04 Thread Wesley M.
y, Dain
> Cc: misc@openbsd.org
> Subject: Re: PF Snort tutorial
>
> 2012/1/3 Bentley, Dain <mailto:dbent...@nas.edu>
> I've been looking around for a good tutorial on implementing snort with PF
> and
> everything I see is old, does anyone know of or have implemented

Re: PF Snort tutorial

2012-01-04 Thread Wesley M.
e OSSEC docs right now and it seems pretty
> promising.
> Having trouble finding anything about having it read from pflog.
>
> From: Andres Genovez [andresgeno...@gmail.com]
> Sent: Tuesday, January 03, 2012 3:04 PM
> To: Bentley, Dain

Re: PF Snort tutorial

2012-01-03 Thread Vadim Agarkov
eading through some OSSEC docs right now and it seems pretty promising. Having trouble finding anything about having it read from pflog.

From: Andres Genovez [andresgeno...@gmail.com]
Sent: Tuesday, January 03, 2012 3:04 PM
To: Bentley, Dain
Cc: misc@op

Re: PF Snort tutorial

2012-01-03 Thread Bentley, Dain
2012 3:04 PM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: PF Snort tutorial

2012/1/3 Bentley, Dain <mailto:dbent...@nas.edu>
I've been looking around for a good tutorial on implementing snort with PF and everything I see is old, does anyone know of or have implemented a solution

Re: PF Snort tutorial

2012-01-03 Thread Andres Genovez
2012/1/3 Bentley, Dain
> I've been looking around for a good tutorial on implementing snort with PF
> and
> everything I see is old, does anyone know of or have implemented a solution
> using an IDS/IPS with PF on the same box? If possible I'd like snort or
> some
> other IDS inspect packets and

Re: PF Snort tutorial

2012-01-03 Thread Stefan Wollny
On Tue, 3 Jan 2012 10:57:16 -0500, "Bentley, Dain" wrote:
> I've been looking around for a good tutorial on implementing snort
> with PF and everything I see is old, does anyone know of or have
> implemented a solution using an IDS/IPS with

PF Snort tutorial

2012-01-03 Thread Bentley, Dain
I've been looking around for a good tutorial on implementing snort with PF and everything I see is old, does anyone know of or have implemented a solution using an IDS/IPS with PF on the same box? If possible I'd like snort or some other IDS inspect packets and have pf drop them based on the fact