Also, an idea: add the scanlogd package, and write a small script to add the IPs in the log to your pf table ;-)

Cheers,

Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset50.aspx

On Tue, 3 Jan 2012 17:56:13 -0500, "Bentley, Dain" <dbent...@nas.edu> wrote:
> ugh....that's what I thought.
> I'm reading through some OSSEC docs right now and it seems pretty
> promising.
> Having trouble finding anything about having it read from pflog.
> ________________________________________
> From: Andres Genovez [andresgeno...@gmail.com]
> Sent: Tuesday, January 03, 2012 3:04 PM
> To: Bentley, Dain
> Cc: misc@openbsd.org
> Subject: Re: PF Snort tutorial
>
> 2012/1/3 Bentley, Dain <dbent...@nas.edu<mailto:dbent...@nas.edu>>
> I've been looking around for a good tutorial on implementing snort with PF
> and everything I see is old, does anyone know of or have implemented a
> solution using an IDS/IPS with PF on the same box? If possible I'd like
> snort or some other IDS inspect packets and have pf drop them based on the
> fact they match certain signatures. Thanks in advance.
>
>
> Implementing that is really a Pain in the hell out......I did it on a 4.9,
> I need to do it from sources, there is no complete tutorial, it works on
> 4.9, not implemented with PF though...
>
> Greetings...
>
>
>
> --
> Atentamente
>
> Andris Genovez Tobar / Tecnico
> Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT
> http://www.puntonet.ec
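
The scanlogd-to-pf-table idea from the top of this message, sketched as an added example that is not part of the original thread or anyone's posted script. The table name, the allowlist and the log line layout are assumptions, the sample lines are constructed, and because the source address of a scan can be spoofed the script refuses to block allowlisted addresses.

```shell
#!/bin/sh
# Added example, not from the thread. pf.conf is assumed to contain:
#   table <scanners> persist
#   block in quick from <scanners>
TABLE="${TABLE:-scanners}"              # hypothetical table name
ALLOW="${ALLOW:-192.0.2.1 192.0.2.10}"  # never block these (constructed)

# Constructed syslog lines in the layout scanlogd is assumed to use:
#   scanlogd: saddr[:sport] to daddr ports ..., flags, TOS, TTL @time
SAMPLE='Jan  3 18:01:02 fw scanlogd: 203.0.113.7:40112 to 198.51.100.5 ports 21, 22, 23, 25, 80, ..., fSrpauxy, TOS 00, TTL 51 @18:01:02
Jan  3 18:01:09 fw sshd[811]: Failed password for root from 203.0.113.99 port 4022 ssh2
Jan  3 18:02:30 fw scanlogd: 192.0.2.1 to 198.51.100.5 ports 80, 81, 82, 83, 84, ..., fSrpauxy, TOS 00, TTL 64 @18:02:30
Jan  3 18:03:11 fw scanlogd: 203.0.113.7:40990 to 198.51.100.5 ports 110, 111, 113, 119, 143, ..., fSrpauxy, TOS 00, TTL 51 @18:03:11
Jan  3 18:04:45 fw scanlogd: 999.1.1.1 to 198.51.100.5 ports 1, 2, 3, 4, 5, ..., fSrpauxy, TOS 00, TTL 60 @18:04:45
Jan  3 18:05:00 fw scanlogd[402]: 198.51.100.23:5555 to 198.51.100.5 ports 8000, 8001, 8002, 8003, 8004, ..., fSrpauxy, TOS 00, TTL 48 @18:05:00'

# Print unique, valid, non-allowlisted IPv4 sources from log lines on stdin.
scanlogd_sources() {
    awk -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            for (i = 1; i < NF; i++) if ($i ~ /^scanlogd(\[[0-9]+\])?:$/) break
            if (i >= NF || $(i+2) != "to") next      # not a scanlogd record
            src = $(i+1); sub(/:[0-9]+$/, "", src)   # drop optional :sport
            if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(src, o, "."); ok = 1
            for (j = 1; j <= 4; j++) if (o[j] > 255) ok = 0
            if (ok && !(src in skip) && !seen[src]++) print src
        }'
}

# Print the pfctl commands; with APPLY=1 run them instead (needs root).
block_scanners() {
    scanlogd_sources | while read -r ip; do
        if [ "${APPLY:-0}" = 1 ]; then
            pfctl -q -t "$TABLE" -T add "$ip"
        else
            echo "pfctl -t $TABLE -T add $ip"
        fi
    done
}

# Dry run over the constructed sample.
printf '%s\n' "$SAMPLE" | block_scanners
```

On a real system the input would be the syslog file scanlogd writes to, and entries should be aged out of the table (for example with `pfctl -t scanners -T expire 86400`) so a spoofed or stale address is not blocked forever.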