Snort mailing list archives
Re: Snort-users Digest, Vol 108, Issue 2
From: Abdallah Jabbour <abdjbr () gmail com>
Date: Mon, 4 May 2015 00:34:23 +0200
Yes, they do!

On Sun, May 3, 2015 at 2:00 PM, <snort-users-request () lists sourceforge net> wrote:

> Today's Topics:
>
>    1. Re: snort inline mode in CentOS 6.6 (James Lay)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 02 May 2015 07:25:22 -0600
> From: James Lay <jlay () slave-tothe-box net>
> Subject: Re: [Snort-users] snort inline mode in CentOS 6.6
> To: snort-users () lists sourceforge net
> Message-ID: <1430573122.4447.1.camel@JamesiMac>
>
> On Sat, 2015-05-02 at 12:46 +0200, Abdallah Jabbour wrote:
>
> > Hello,
> >
> > I have installed Snort on CentOS 6.6 in a KVM guest machine; it is a
> > router/firewall using iptables. I followed the installation and
> > configuration steps and tested the configuration file validity
> > (using the -T command line arg).
> >
> > I enabled inline mode. In the configuration file, I added and
> > uncommented the following lines:
> >
> >     config policy_mode:inline
> >     config daq: afpacket
> >     config daq_dir: /usr/lib64/daq/
> >     config daq_mode: inline
> >     config daq_var: buffer_size_mb=128
> >
> > and also in /etc/sysconfig/snort:
> >
> >     INTERFACE=eth0:eth1
> >
> > and started the snort service. The network connection (locally and
> > to the internet) is dropped; I cannot ping any host on the network.
> >
> > I added some rules to /etc/snort/rules/local.rules to see if alerting
> > is working. I can see alerts being written to /var/log/snort/alert
> > after I reboot the machine (since there is no network connectivity).
> >
> > I know that inline mode will put the network interfaces eth0 and eth1
> > in promiscuous mode and will bridge the network connection to get the
> > network traffic.
> >
> > Is there anything I am missing in my setup?
>
> Do eth0 and eth1 have IP addresses assigned?
>
> James
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!