@xmemex while neither Suricata nor pfBlocker are AV, they do alert but function differently. I would recommend picking up a copy of "The Practice of Network Security Monitoring" from No Starch Press. It covers Snort and Suricata and log files. pfBlocker works at the DNS level and depends on block lists of known sites dishing out malware; you can also add your own curated lists. pfSense is what I use and recommend to my clients. Built my own box, haven't had any issues.