Snort mailing list archives

Re: Snort installation on openstack


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 27 May 2016 16:58:41 +0000

1) You are not telling snort what configuration file to use (with a -c).

You may want to start reading here: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html

or

here http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node3.html


If you don't specify a configuration file, snort will run as a packet sniffer, which is expected behavior.


2) As for the installation of snort on openstack, you may want to install CentOS there first. THEN install snort 
afterwards.

As I said, your issue looks like a problem with the install of CentOS in openstack and not snort.

There is an error in your screenshot which points to an openstack/centos issue. See the error:  '/dev/mapper/centos-root/' 
does not exist.

Your installation looks like it tanks after that.


Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com
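
The point in 1) above, as an added example that is not part of the original message or of Snort itself: a preflight check that reports which mode a Snort 2.x command line selects and refuses to continue unless -c names a readable configuration file. The function names, interface name and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide which mode a Snort 2.x command line selects.
# Assumption: options are separate words, as in the manual's examples.

# Sets SNORT_CONF, SNORT_LOGDIR and SNORT_MODE from snort's arguments.
parse_snort_args() {
    SNORT_CONF="" SNORT_LOGDIR=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -c)   SNORT_CONF="${2:-}";   [ $# -gt 1 ] && shift ;;
            -c?*) SNORT_CONF="${1#-c}" ;;
            -l)   SNORT_LOGDIR="${2:-}"; [ $# -gt 1 ] && shift ;;
            -l?*) SNORT_LOGDIR="${1#-l}" ;;
        esac
        shift
    done
    if [ -n "$SNORT_CONF" ]; then SNORT_MODE=nids        # -c: snort.conf is read
    elif [ -n "$SNORT_LOGDIR" ]; then SNORT_MODE=logger  # -l only: packets to disk
    else SNORT_MODE=sniffer                              # neither: packet dump
    fi
}

snort_mode() { parse_snort_args "$@"; echo "$SNORT_MODE"; }

# Returns 0 only if the arguments select NIDS mode with a readable config file.
snort_preflight() {
    parse_snort_args "$@"
    if [ "$SNORT_MODE" != nids ]; then
        echo "no -c <config>: snort would start in $SNORT_MODE mode" >&2
        return 1
    fi
    if [ ! -r "$SNORT_CONF" ]; then
        echo "config file not readable: $SNORT_CONF" >&2
        return 1
    fi
    return 0
}

# Constructed sample invocations (interface name and paths are placeholders).
snort_mode -i eth0
snort_mode -dev -l ./log
snort_mode -i eth0 -c /etc/snort/snort.conf -A console
# A command that passes snort_preflight can then be validated with snort's
# own self-test before it is left running:  snort -T -c <config> -i <iface>
```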

From: Velusami, Selvi [mailto:selvi.velusami () verizon com]
Sent: Friday, May 27, 2016 12:42 PM
To: Al Lewis (allewi)
Cc: snort-users () lists sourceforge net
Subject: RE: Snort installation on openstack

Hi,

Please find below the summary of status and the problem statement


1. Snort Installation

* Installed centos 7 in a virtual machine

* Configured the virtual machine to reach the internet

* Downloaded and installed Snort on the virtual machine

* Downloaded the snort rules and placed in the required folder.

* Sent icmp packets to the snort and issued the command "snort -i <interface>"

* While running the Snort on a particular interface, it could capture the packets of the icmp message, but 
getting some warning messages here. "No preprocessors configured"



Could see snort is running and it captures the packets but got the message "No preprocessors configured" along with 
that. Please find below the screenshot.

[attached screenshot: image001.jpg]


2. Qcow2 image creation

* Now tried to create a qcow image for the snort

* Exported the virtual machine to ova file

* Using qemu-img, converted the vmdk image to qcow2 image



3. Snort installation on openstack

* Created an instance in openstack using the qcow2 image of snort.

* During the installation, it went to emergency mode and the installation stopped. Please find below the 
screenshot.

[attached screenshot: image002.jpg]


My requirement is, I need to install the snort in open stack and do the configuration for the same. Need pointers or 
images to install the same on openstack. I really appreciate your help on the same.

Thanks,
Selvi.V

From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Friday, May 27, 2016 12:31 PM
To: Velusami, Selvi
Cc: snort-users () lists sourceforge net
Subject: RE: Snort installation on openstack

Hello,

Can you be a little more specific and explain what is not working for you?

Based on what you are saying you have a problem using your image in openstack and not a snort related issue.


Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Velusami, Selvi [mailto:selvi.velusami () verizon com]
Sent: Friday, May 27, 2016 11:55 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort installation on openstack

Hi,

I am new to Snort and I have not used it before. The present requirement for me is I need to create a virtual image for 
snort and the same needs to be installed on openstack. Should do the configuration on top of it for further monitoring.

At present I tried to install snort on virtual machine on centos and using that tried to create a virtual image and 
that image is not working for me in openstack.

Can anyone please help me on this.

Thanks,
Selvi.V
