Snort mailing list archives

Re: Snort inline and ip_queue


From: Ravi <ravivsn () roc co in>
Date: Tue, 23 Mar 2004 17:54:07 +0530

Neil,
Checklist for inline:
   - snort_inline configuration file: is HOME_NET set?
   - Any logs in /var/log/messages?
   - Is ip_queue insmoded? Do lsmod and check.
   - iptables rules: is there any entry to queue packets?
   - Is snort_inline run with the -Q option?

You may like to run iptables -A FORWARD -j QUEUE and check.
Cheers,
-Ravi
ROCSYS Technologies Ltd
Hyderabad,INDIA
http://www.rocsys.com

neil wrote:

I have installed snort_inline, and have ip_queue installed as a module,
after some tweaking to the .conf file I have snort_inline fired up now,

but none of my tests are generating logs or seem to be working,
it seems nothing is being passed from iptables to the user space queue.

I wasn't really sure what I should have as a rule in iptables, so I used
this:

iptables -A FORWARD -i eth0 -j QUEUE

and it is the only rule.

Anyone know what I am missing here?
(I have snort working as a regular sniffer / IDS on many other systems,
but I was looking for real-time sig based IPS functionality)

Thanks in advance

Nox
www.pheusion.com



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






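The checklist in the reply above can be scripted. The following is an added example, not part of the original thread or of snort_inline. It covers the ip_queue, iptables, -Q and HOME_NET checks. The function names, the sample command output and the paths in the samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: each check reads captured command output on stdin.
# Live use: lsmod | ip_queue_loaded ; iptables -L FORWARD -v -n -x | queue_rule_packets
#           ps -eo args | snort_inline_has_Q ; home_net_set < your snort_inline config

# Is the ip_queue module loaded? (stdin: lsmod output)
ip_queue_loaded() { awk '$1 == "ip_queue" { f = 1 } END { exit !f }'; }

# Sum of the pkts counters of QUEUE rules, or "none" if no rule targets QUEUE.
queue_rule_packets() {
    awk '$3 == "QUEUE" { n++; p += $1 } END { if (n) print p; else print "none" }'
}

# Is a snort_inline process running with -Q? (stdin: ps -eo args)
snort_inline_has_Q() {
    awk '$1 ~ /snort_inline$/ { for (i = 2; i <= NF; i++) if ($i ~ /^-[A-Za-z]*Q/) f = 1 }
         END { exit !f }'
}

# Is HOME_NET defined on an uncommented "var" line? (stdin: config file)
home_net_set() { grep -Eq '^[[:space:]]*var[[:space:]]+HOME_NET[[:space:]]+[^[:space:]]'; }

# Constructed samples (not from the thread): a setup where nothing reaches the queue.
LSMOD_SAMPLE='Module                  Size  Used by
ip_queue                7608   0
ip_tables              13728   2 [iptable_filter]'
IPT_SAMPLE='Chain FORWARD (policy ACCEPT 412 packets, 35120 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 QUEUE      all  --  eth0   *       0.0.0.0/0            0.0.0.0/0'
PS_SAMPLE='/usr/local/bin/snort_inline -D -c /etc/snort_inline/snort_inline.conf'
CONF_SAMPLE='# var HOME_NET 10.0.0.0/8
var EXTERNAL_NET any'

report() {
    if printf '%s\n' "$LSMOD_SAMPLE" | ip_queue_loaded; then echo "ip_queue: loaded"
    else echo "ip_queue: not loaded"; fi
    pk=$(printf '%s\n' "$IPT_SAMPLE" | queue_rule_packets)
    case $pk in
        none) echo "iptables: no QUEUE rule" ;;
        0)    echo "iptables: QUEUE rule present, 0 packets matched" ;;
        *)    echo "iptables: $pk packets sent to QUEUE" ;;
    esac
    if printf '%s\n' "$PS_SAMPLE" | snort_inline_has_Q; then echo "snort_inline: -Q given"
    else echo "snort_inline: not running with -Q"; fi
    if printf '%s\n' "$CONF_SAMPLE" | home_net_set; then echo "HOME_NET: set"
    else echo "HOME_NET: not set"; fi
}
report
```

A QUEUE rule whose packet counter stays at 0 means no packet has matched it yet, which is the symptom described in the question.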

