Snort mailing list archives
Re: Multipal configurations: ids and ips modes.
From: Y M <snort () outlook com>
Date: Tue, 7 May 2013 08:50:51 +0000
For inline operation, the daq_mode must be set to inline instead of passive, daq_mode: inline. Change that in the config file that is purposed to be used for inline operation. I do not have the enough experience to help with the way the "multiple configuration" feature you are attempting to use. May be someone else can help. Thank.YM Date: Tue, 7 May 2013 12:31:02 +0400 From: jktu17 () gmail com To: snort-users () lists sourceforge net Subject: [Snort-users] Multipal configurations: ids and ips modes. Hello I have snort 2.9.3.1 and afpacket daq installed. MY GOAL: 1. create several (e.g. 2) configurations of snort using "config binding" 2. have different modes in this configuration, for exeample: conf1 will run in tap mode and conf2 (binded) will run in inline mode. 3.only on snort process must be run to acheive this goal QUESTIONS: 1. Is it possible? I could'nt do it, because i need to specify "-Q" flag for inline mode which is global and have the next problems: 1.to run snort in inline i need to specify "-Q" (w/o it snort complains: "Adapter is in Passive Mode. Hence switching policy mode to tap.") 2.but with -Q switch i have an error from conf1: "FATAL ERROR: DAQ 'passive' mode incompatible with -Q! " PS: from manual: config daq_* options is not configuration-specific and they are global; but config policy_mode is config-specific and may differ in case of multi-configurations config; so this is the problem. PPS: Here is my config (only topic-related things): File /etc/conf1.conf: config daq_dir : /usr/lib/daq config daq : afpacket config daq_mode : passive config policy_mode : tap config interface : eth1 config binding : /etc/conf2.conf net 10.0.0.0/24 config policy_version : base-version config policy_id : 0 File /etc/conf2.conf: config policy_mode : inline config interface : eth1:eth2 config policy_version : base-version sub-version config policy_id : 1 2. Another question: in case of multiple configurations: is it necessary to include "config policy_id" options in each configurations and is option "config policy_version :" is necessary ? May be I only need to use "config binding FILE net IP" ? ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Multipal configurations: ids and ips modes. Oleg Gvozdev (May 07)
- Re: Multipal configurations: ids and ips modes. Y M (May 07)