Snort mailing list archives

Re: Snort doesn't react on rules - help a new snort user


From: Heine Lysemose <lysemose () gmail com>
Date: Mon, 23 Apr 2012 08:39:59 +0200

Hi Blixten

I don't run IPS anymore but last time I tried it, I used this command to
fire up Snort.

/usr/local/snort/bin/snort --daq afpacket -Q -c /usr/local/snort/etc/snort.conf -i eth1:eth2 --daq-dir /usr/local/lib/daq

You only need to set up the two interfaces you will be running monitoring
interfaces on, eth1 and eth2. The management interface is normal static or
DHCP configured.

auto eth1
iface eth1 inet manual
up ifconfig eth1 0.0.0.0 up
up ip link set eth1 promisc on

auto eth2
iface eth2 inet manual
up ifconfig eth2 0.0.0.0 up
up ip link set eth2 promisc on

Yes, you should disable IPv4-forwarding since Snort will handle this
through the internal bridge.

/Lysemose
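
The three settings named in the message above (both bridge interfaces set to "inet manual", promiscuous mode on, IPv4 forwarding off) can be checked before starting Snort with -Q. This is an added example, not part of the original message or of Snort; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: preflight check for the afpacket inline pair described above.
# Function names are hypothetical; files are passed as arguments so the check
# can run against copies. On a live host use /etc/network/interfaces and
# /proc/sys/net/ipv4/ip_forward.

# Print the "iface <name> ..." line and the option lines that belong to it.
iface_stanza() {
    awk -v ifc="$2" '
        $1 == "iface" { inside = ($2 == ifc) }
        $1 == "auto" || $1 == "source" || $1 == "mapping" || $1 ~ /^allow-/ { inside = 0 }
        inside { print }
    ' "$1"
}

# Usage: check_inline_pair INTERFACES_FILE IP_FORWARD_FILE IFACE...
# Prints one line per finding; the return status is the number of findings.
check_inline_pair() {
    conf=$1; fwd=$2; shift 2
    problems=0
    for ifc in "$@"; do
        stanza=$(iface_stanza "$conf" "$ifc")
        if ! printf '%s\n' "$stanza" | grep -Eq "^[[:space:]]*iface[[:space:]]+$ifc[[:space:]]+inet[[:space:]]+manual"; then
            echo "$ifc: not configured as 'inet manual'"; problems=$((problems + 1))
        fi
        if ! printf '%s\n' "$stanza" | grep -Eq 'promisc[[:space:]]+on'; then
            echo "$ifc: promiscuous mode is not switched on"; problems=$((problems + 1))
        fi
    done
    if [ "$(cat "$fwd")" != "0" ]; then
        echo "IPv4 forwarding is enabled"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample input: eth1 matches the post, eth2 and ip_forward do not.
tmp=$(mktemp -d)
cat > "$tmp/interfaces" <<'EOF'
auto eth1
iface eth1 inet manual
up ifconfig eth1 0.0.0.0 up
up ip link set eth1 promisc on

auto eth2
iface eth2 inet dhcp
EOF
echo 1 > "$tmp/ip_forward"
check_inline_pair "$tmp/interfaces" "$tmp/ip_forward" eth1 eth2 || echo "findings: $?"
rm -rf "$tmp"
```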