Honeypots mailing list archives

FW: Snort-Inline not working


From: "Ian J. Hudson" <ihudson () waspc org>
Date: Wed, 23 Aug 2006 16:27:44 -0700

Below is what I've encountered. I'm really trying to get this to work,
not sure what went wrong.

Regards,
Ian J Hudson
IT Systems Specialist
WASPC
ihudson () waspc org
360.486.2380

Sorry to bug you. With the Honeywall I've been able to see stuff
happening with DNS externally, but I can't seem to get Snort /
Snort-Inline to work no matter how many restarts, reloads, and reboots.
As a result the Honeywall restricts all outgoing and incoming traffic.
That's the only hang-up I am having with Honeywall currently; everything
seems to be updated. I ran yum and have it configured to autoupdate,
although one of the update sites is bad. Other than that, do you have
any idea how to fix Snort / Snort-Inline? I had previously thought it was
a bad iptables configuration, or the rc.firewall script, but those
should all be automated, which leaves it to this: possibly Snort /
Snort-Inline isn't working, and they don't appear to be running.

Running Services..

argus (pid 3815 3270 3269) is running...
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
cpuspeed is stopped
crond (pid 3984) is running...
dc_client is stopped
dc_server is stopped
gpm (pid 3975) is running...
hald (pid 4023) is running...
argus (pid 3815 3270 3269) is running...
hflowd (pid 3808) is running...
mysqld (pid 3170) is running...
p0f (pid 3336) is running
hflow-pcap (pid 3415) is running
snort-plain dead but subsys locked
snort-inline dead but pid file exists
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
Honeywall health as of  Tue Aug 22 05:46:20 PDT 2006
Currently active devices:
lo
eth0
eth1
eth2
br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
/etc/init.d/rc.firewall is active
hflowd (pid 3808) is running...
snort-inline dead but pid file exists
snort-plain dead but subsys locked
hflow-pcap (pid 3415) is running
p0f (pid 3336) is running
argus (pid 3815 3270 3269) is running...
mysqld (pid 3170) is running...
sebekd (pid 3647) is running...
Related services:
monit is stopped
swatch (pid 3908) is running...
Currently active devices:
lo
eth0
eth1
eth2
br0
Firewall is stopped.
irqbalance (pid 2762) is running...
dbus-daemon-1 (pid 4014) is running...
/etc/init.d/microcode_ctl: reading microcode status is not yet supported
monit is stopped
monit is stopped
mysqld (pid 3170) is running...
netplugd is stopped
Configured devices:
lo eth0 eth1 eth2
Currently active devices:
lo eth0 eth1 eth2 br0
ntpd is stopped
p0f (pid 3336 3061) is running...
master (pid 3964) is running...
/etc/init.d/rc.firewall is active
saslauthd is stopped
sebekd (pid 3647) is running...
smartd is stopped
snort dead but subsys locked
sshd (pid 5607 5605 3667) is running...
swatch (pid 3908) is running...
syslogd (pid 2748) is running...
klogd (pid 2752) is running...
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
xfs (pid 4005) is running...
xinetd is stopped
Nightly yum update is disabled.
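The two telling lines in the status dump above are "snort-inline dead but pid file exists" and "snort-plain dead but subsys locked". On a Red Hat style init system these messages come from the `status()` helper in /etc/init.d/functions: the daemon's recorded pid is no longer alive, but its pid file (first message) or its /var/lock/subsys lock file (second message) was left behind, which is exactly the state a crash or a kill -9 leaves and which repeated restarts will not clear on their own. The script below is an added example, not code from the post or from the Honeywall project: it reproduces that classification logic, and clears the stale files only when the recorded pid is really dead, so it never clobbers a running daemon. The pid and lock file paths are parameters; the real Honeywall paths under /var/run and /var/lock/subsys are not given in the post and are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): classify a daemon the way
# the RHEL init "status()" helper does, and clear stale state files.
#   running                 -> recorded pid is alive
#   dead but pid file exists -> pid file present, pid not alive
#   dead but subsys locked   -> no pid file, lock file still present
#   stopped                  -> neither file present

service_status() {
    svc=$1; pidfile=$2; lockfile=$3
    if [ -r "$pidfile" ]; then
        # Keep only digits: pid files sometimes carry a trailing newline.
        pid=$(head -n1 "$pidfile" | tr -dc '0-9')
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            echo "$svc (pid $pid) is running..."
            return 0
        fi
        echo "$svc dead but pid file exists"
        return 1
    fi
    if [ -f "$lockfile" ]; then
        echo "$svc dead but subsys locked"
        return 2
    fi
    echo "$svc is stopped"
    return 3
}

# Remove the pid file and lock file only if the recorded pid is not
# alive, so a live daemon is never left without its state files.
clear_stale_state() {
    svc=$1; pidfile=$2; lockfile=$3
    if [ -r "$pidfile" ]; then
        pid=$(head -n1 "$pidfile" | tr -dc '0-9')
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            echo "$svc still running as pid $pid; leaving state files" >&2
            return 1
        fi
        rm -f "$pidfile"
    fi
    rm -f "$lockfile"
    return 0
}

# Constructed demo: a scratch directory holding a pid file that points
# at a child process which has already exited, plus a lock file. This
# mimics the "snort-inline dead but pid file exists" line from the post.
demo() {
    tmp=$(mktemp -d)
    sleep 0 &
    dead=$!
    wait "$dead"                       # pid is now free, so kill -0 fails
    echo "$dead" > "$tmp/snort-inline.pid"
    : > "$tmp/snort-inline.lock"
    service_status snort-inline "$tmp/snort-inline.pid" "$tmp/snort-inline.lock" || :
    clear_stale_state snort-inline "$tmp/snort-inline.pid" "$tmp/snort-inline.lock" || :
    service_status snort-inline "$tmp/snort-inline.pid" "$tmp/snort-inline.lock" || :
    rm -rf "$tmp"
}

demo
```

Clearing the stale files lets `service snort-inline start` run again, but it does not explain why the daemon died in the first place; the reason for the exit (a rule or configuration error at startup, a missing interface, a failed iptables QUEUE handoff) has to be read from the daemon's own log output before the restart is trusted.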
