Snort mailing list archives
RE: snortsam iptables plugin
From: "Huseyin A. Ozbey" <huseyin () btegitim com>
Date: Mon, 3 Jan 2005 00:03:53 +0200
Dear Mr. Knobbe I thank to your help, I did what your advised (correct the line "iptables eth0 syslog.info" , add disableseqnocheck and nothreads in snortsam.conf) but my problem still continues. There is no action from iptables! What can I do more? Best Regards Huseyin A. Ozbey -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Frank Knobbe Sent: Sunday, January 02, 2005 6:16 PM To: huseyin () btegitim com Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] snortsam iptables plugin On Sun, 2005-01-02 at 15:26 +0200, Huseyin A. Ozbey wrote:
I have problems using snort with the snortsam iptables plugin. When I patch snort, It says "Patching Snort version 2.0...", does it mean I coundn't use snort-2.3.0RC2 ?
Nope, no problem there. It should probably read 2.x ... I'll fix that shortly. :) Your Snort is patched correctly.
I have attached the files, snort.conf, snortsam.conf and sid-block.map. Would you please help me why I couldn't see any command
in the FORWARD chain.
Don't know much about iptables, but I'll try. in your snortsam.conf you have: iptables eth0 /var/log/syslog.info This should probably be: iptables eth0 syslog.info It doesn't point to a file, but just lists the log facility and level. I noticed that both, Snort and Snortsam are running on the same host. In that case you also want to add: disableseqnocheck Further, since it's Linux and a lot of Linux machines appear to have problems with multi-threading, add: nothreads That seems to cure a lot of problems on Linux boxes. Hope that helps, Frank ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snortsam iptables plugin Huseyin A. Ozbey (Jan 02)
- Re: snortsam iptables plugin Frank Knobbe (Jan 02)
- RE: snortsam iptables plugin Huseyin A. Ozbey (Jan 02)
- RE: snortsam iptables plugin Frank Knobbe (Jan 02)
- RE: snortsam iptables plugin Huseyin A. Ozbey (Jan 02)
- Re: snortsam iptables plugin Frank Knobbe (Jan 02)