Snort mailing list archives
Inline difficulties:
From: <tekbot () cox net>
Date: Mon, 23 Jan 2006 20:45:06 -0500
I have compiled snort version 2.4.3. I have a bridge set up as br0 which is comprised of eth4 and eth5. br0 has no IP address associated with it. Snort is configured to log to a mysql database on 127.0.0.1:mysql (which is stunnel forwarding connections over eth0 to the mysql server).

My iptables script just issues these commands:

    iptables -F INPUT
    iptables -F OUPUT
    iptables -F FORWARD
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -j QUEUE
    iptables -A FORWARD -j QUEUE
    iptables -A OUPUT -j QUEUE

I call snort like this:

    snort -Q \
        -l /var/log/snort -c /etc/snort/snort.conf

and get this output:

    Reading from iptables
    ***
    *** interface device lookup found: eth0
    ***
    Running in IDS mode
    Initializing Network Interface eth0
    --== Initializing Snort ==--
    [snip]

How can I get snort to stop looking for a device and to instead grab the traffic from the netlink queue?

Thanks in advance for any advice you can offer,
Ryan
Current thread:
- Inline difficulties: tekbot (Jan 23)
- RE: Inline difficulties: Paul Melson (Jan 27)
- <Possible follow-ups>
- Re: Inline difficulties: Will Metcalf (Jan 23)