Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort-mysql sensors

From: Mohamed Eldesoky <eldesoky.lists () gmail com>
Date: Wed, 22 Jun 2005 11:07:46 +0300
Thanks for all,
In fact, I have added another interface and IP (for the bridge
interface) during the test.

Will, 
I didn't understand what do you mean by Inlinemode().
If you mean snort-inline, I didn't run it (yet)

On 6/21/05, Will Metcalf <william.metcalf () gmail com> wrote:

I'm guessing that the IP or name changed because if you are in
Inlinemode() escapedInterfaceName is always equal to NULL so if we are
in Inlinemode() we always set escapedInterfaceName = inline.

Regards,

Will
On 6/21/05, Miner, Jonathan W (CSC) (US SSA)
<jonathan.w.miner () baesystems com> wrote:

If you change the interface, like switching from eth0 to eth1, or change

the IP address you will end up with multiple sensor entries.  I don't think
you can fix it via BASE. but you might be able to go into to mysql and
change the table directly.


        -----Original Message-----
        From: snort-users-admin () lists sourceforge net on behalf of Mohamed

Eldesoky

        Sent: Tue 06/21/2005 10:01 AM
        To: Snort Users
        Cc:
        Subject: [Snort-users] snort-mysql sensors



        At last I have run snort-mysql and BASE on my bridged firewall.
        I have two interfaces working, but BASE reports that I have three

sensors ??

        Howcome ???

        --
        Mohamed Eldesoky
        www.eldesoky.net
        RHCE


        -------------------------------------------------------
        SF.Net email is sponsored by: Discover Easy Linux Migration

Strategies

        from IBM. Find simple to follow Roadmaps, straightforward

articles,

        informative Webcasts and more! Get everything you need to get up

to

        speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=ick
        _______________________________________________
        Snort-users mailing list
        Snort-users () lists sourceforge net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://www.geocrawler.com/redir-sf.php3?list=ort-users








-- 
Mohamed Eldesoky
www.eldesoky.net
RHCE


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: