Snort mailing list archives

Re: Restart snort inline without traffic loss?


From: "Andy" <a_w_smith () yahoo co uk>
Date: Wed, 6 Feb 2013 10:26:35 -0000

Hi,

I am already using pulledpork, how can I use this to help with my issues?

Thanks,
Andy.

-----Original Message-----
From: Heine Lysemose [mailto:lysemose () gmail com]
Sent: Tuesday, February 05, 2013 9:02 PM
To: Andy
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Restart snort inline without traffic loss?

Hi Andy

On Feb 5, 2013 9:30 PM, "Andy" <a_w_smith () yahoo co uk> wrote:

Hi,

I am new to snort, I have it installed on a web server running inline mode
with iptables, nfqueue, barnyard2 and snorby.

I've downloaded the emerging threats rules, firstly all the rules are
alerts, do I have to convert these to drop if I want to drop the
traffic?

Have a look at Pulledpork, http://code.google.com/p/pulledpork/, it will
do this for you + a lot of other cool things.

Assuming I do, how do I restart snort without losing good traffic,
currently if I kill the process and restart I lose about 30 seconds of
traffic while snort restarts, not good on an ecommerce site.

I also would like a fail safe nfqueue bypass in case things go wrong, at
the moment if snort goes down I also get locked out but it's on a cron job
to restart if it's down for more than 1 minute.

I need some advice please..

Thanks.


Regards,
Lysemose

------------------------------------------------------------------------
------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!



