Snort mailing list archives
RE: [Snort-users] snort-inline doesn´t work
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Thu, 13 Mar 2003 11:07:20 -0700
I would try and build snort-1.9.0 into the mixture, as your current config will most likely not allow things to work. Guess I should have thrown that into the document I put out there. I have installed and successfully built and ran snort-inline on over 50 systems without a hitch, and the normal snort-1.9.0 was on every one of these systems in addition to the iptables and snort-inline.

-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Thursday, March 13, 2003 7:35 AM
To: 'Slighter, Tim'; 'snort-users () sourceforge net'
Subject: AW: [Snort-users] snort-inline doesn´t work

hi,
which snort binary are you running?
1.9.0 created a binary /usr/local/bin/snort
1.9.1 created a binary /usr/local/bin/snort_inline
You do also have a configured and working version of snort on the same machine too right?
no. i only compiled 1.9.0 and 1.9.1 inline
If you do not have a working and running version of snort then you will not have a snort.conf.
i copied /opt/packages/snort_inline-1.9.1/etc/* /etc/snort/
As for the iptables....you did "make" "make install" && "make install-devel" right?
yes

----------------------------
i did the following
-installed RedHat8.0 minimal
-updated all packages over RHN
-get kernel-2.4.18-26.8.0 from RHN
-installed libnet1.0.2a
-installed iptables-1.2.7a with make install-devel
-compiled snort-inline1.9.0 with --enable-inline
-compiled snort-inline1.9.1 with --enable-inline

---------------------------
snort-inline1.9.0 works well for a few minutes till i get a segmentation fault

    $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE

    -*> Snort! <*-
    Version 1.9.0beta2 (Build 184)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)
    /etc/init.d/snort: line 30: 7475 Segmentation fault $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE

    ==> /var/log/snort/Mar_13/alert <==
    [**] [1:1122:4] ITSec snorttest [**]
    [Classification: Attempted Information Leak] [Priority: 2]
    03/13-11:44:24.644534 192.168.0.145:1731 -> 195.245.50.2:80
    TCP TTL:127 TOS:0x0 ID:41598 IpLen:20 DgmLen:373 DF
    ***AP*** Seq: 0xDEEDFC37 Ack: 0x4540AC67 Win: 0x41E8 TcpLen: 20

    ==> /var/log/messages <==
    Mar 13 11:44:34 snolin kernel: ip_queue: peer 7475 died, resetting state and flushing queue

---------------------------
snort-inline1.9.1 runs but doesn't do anything

    $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE

    -*> Snort! <*-
    Version 1.9.1 (Build 231)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)

-----------------------------
both are started with the same configs