Re: Snort installation on openstack

[Diego Parrilla Santamaría <diego.parrilla.santamaria () gmail com>]

Hi Selvi,

we have successfully deployed Snort in OpenStack and there is nothing
special you have to do at operating system level. So keep on trying until
you have it up and running!

But, keep in mind that Snort and Neutron (no matter if you use Openvswitch
or other technologies) do not work very well together. Promiscuous mode is
a must for Snort and this requirement clashes with the isolation layers
offered by the cloud platform. We played with Snort in our cloud platform
for months and found that Snort should not run as a VM, but as part of the
Openstack infrastructure. Obviously, this is not something easy to do, but
could be a nice to have service extension for Neutron.

Finally, we decided to drop Snort and move to a Host based IDS.

Cheers
Diego

On Fri, May 27, 2016 at 5:54 PM, Velusami, Selvi <selvi.velusami () verizon com
> wrote:

> Hi,
>
>
>
> I am new to Snort and I have not used it before. The present requirement
> for me is I need to create a virtual image for snort and the same needs to
> be installed on openstack. Should do the configuration on top of itfor
> further monitoring.
>
>
>
> At present I tried to install snort on virtual machine on centos and using
> that tried to create a virtual image and that image is not working for me
> in openstack.
>
>
>
> Can anyone please help me on this.
>
>
>
> Thanks,
>
> Selvi.V
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!



-- 
Diego Parrilla Santamaría
CEO, StackOps Technologies
+34 91 0052164
www.stackops.com
<https://mailtrack.io/trace/link/479dfa3b5a6a4374acdf1c30bc816836a62092f8?url=http%3A%2F%2Fwww.stackops.com%2F&signature=fc432a13cc8a1771>
www.cirrusflex.com
<https://mailtrack.io/trace/link/8e8bce1b22795bed18a57d157bcee9fec8345418?url=http%3A%2F%2Fwww.cirrusflex.com%2F&signature=55bdffd72301773f>
<https://mailtrack.io/trace/link/249a4b7927012e3c82ddeacffb35146a69d12e51?url=http%3A%2F%2Ffacebook.com%2Fstackops&signature=635c6fd5fdbd1a97>
<https://mailtrack.io/trace/link/b8bd3e023da2d58a315b6b5bfad8c2790209055e?url=http%3A%2F%2Ftwitter.com%2Fstackops&signature=47f98e84262ca8a8>
<https://mailtrack.io/trace/link/9f77c31d487e2eaedab81fe44aca28cb6eb38a3e?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fstackops&signature=df72c8229eb7a4c0>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!