Snort mailing list archives

RE: snortsam iptables plugin


From: "Huseyin A. Ozbey" <huseyin () btegitim com>
Date: Mon, 3 Jan 2005 00:03:53 +0200

Dear Mr. Knobbe,
Thank you for your help. I did what you advised (corrected the line
"iptables eth0 syslog.info", added disableseqnocheck and nothreads in
snortsam.conf), but my problem still continues. There is no action from
iptables!

What more can I do?

Best Regards 

Huseyin A. Ozbey

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Frank
Knobbe
Sent: Sunday, January 02, 2005 6:16 PM
To: huseyin () btegitim com
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snortsam iptables plugin


On Sun, 2005-01-02 at 15:26 +0200, Huseyin A. Ozbey wrote:
> I have problems using snort with the snortsam iptables plugin. When I
> patch snort, it says "Patching Snort version 2.0...", does it mean I
> couldn't use snort-2.3.0RC2 ?

Nope, no problem there. It should probably read 2.x ... I'll fix that
shortly. :)   Your Snort is patched correctly.

> I have attached the files, snort.conf, snortsam.conf and
> sid-block.map. Would you please help me why I couldn't see any command
> in the FORWARD chain.

Don't know much about iptables, but I'll try. In your snortsam.conf you
have:
 iptables eth0 /var/log/syslog.info
This should probably be:
 iptables eth0 syslog.info  
It doesn't point to a file, but just lists the log facility and level.

I noticed that both Snort and Snortsam are running on the same host. In
that case you also want to add:  disableseqnocheck

Further, since it's Linux and a lot of Linux machines appear to have
problems with multi-threading, add:  nothreads
That seems to cure a lot of problems on Linux boxes.


Hope that helps,
Frank
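
Added example (not part of the original messages and not SnortSam code): a small Python check for the three snortsam.conf settings discussed above. It assumes '#' starts a comment and that the log option takes standard syslog facility.level names; lint_snortsam_conf and the sample strings are hypothetical.

```python
import re

# Standard syslog names; that SnortSam accepts exactly this set is an assumption.
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"} | {f"local{i}" for i in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}

def lint_snortsam_conf(text, same_host=True, linux=True):
    """Check the three settings from the thread; returns (line_no, message)
    tuples, with line_no 0 for a directive that is missing altogether."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # assumes '#' starts a comment
        if not words:
            continue
        seen.add(words[0].lower())
        if words[0].lower() != "iptables":
            continue
        if len(words) < 2:
            findings.append((no, "iptables: no interface given"))
        elif len(words) > 2:
            log = words[2]
            m = re.fullmatch(r"(\w+)\.(\w+)", log)
            if "/" in log:
                findings.append((no, f"iptables: {log!r} is a file path, "
                                     "expected facility.level (e.g. syslog.info)"))
            elif not (m and m[1].lower() in FACILITIES and m[2].lower() in LEVELS):
                findings.append((no, f"iptables: {log!r} is not facility.level"))
    if "iptables" not in seen:
        findings.append((0, "no iptables line, plugin not configured"))
    if same_host and "disableseqnocheck" not in seen:
        findings.append((0, "Snort and SnortSam share a host: add disableseqnocheck"))
    if linux and "nothreads" not in seen:
        findings.append((0, "Linux host: add nothreads"))
    return findings

# Constructed samples mirroring the before/after lines quoted in the thread.
BEFORE = "# snortsam.conf (constructed)\niptables eth0 /var/log/syslog.info\n"
AFTER = "iptables eth0 syslog.info\ndisableseqnocheck\nnothreads\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_snortsam_conf(conf) or "no findings")
```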





