Snort mailing list archives
Re: Snort installation on openstack
From: "Velusami, Selvi" <selvi.velusami () verizon com>
Date: Fri, 27 May 2016 15:18:17 -0400
Hi Diego,

Thank you. I got your point. I will try this and update you with the results.

Thanks,
Selvi.V

From: Diego Parrilla Santamaría [mailto:diego.parrilla.santamaria () gmail com]
Sent: Friday, May 27, 2016 2:58 PM
To: Velusami, Selvi
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort installation on openstack

Hi Selvi,

as I said, nothing special. We followed this guide (or maybe the same but older):

https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf

We installed Snort, PulledPork and Snorby as described. Probably we had to tweak and fix some parameters not documented, but nothing important. We also tested Barnyard2, and some crazy multinode architecture that didn't work (remember: neutron doesn't like promiscuous...) very well.

If you want to have a fully functional Snort (or any other NIDS) in a cloud platform you need to have direct access to the infrastructure.

Good luck!
Diego

On Fri, May 27, 2016 at 8:47 PM, Velusami, Selvi <selvi.velusami () verizon com> wrote:

Hi,

Thanks for your response. Can you please let me know how you deployed Snort in OpenStack? Have you created any virtual image for the same? In this case, could you please share the steps that you have followed?

Given below are the steps that I have followed:

1. Snort Installation
• Installed centos 7 in a virtual machine
• Configured the virtual machine to reach the internet
• Downloaded and installed Snort on the virtual machine
• Downloaded the snort rules and placed them in the required folder.
• Sent icmp packets to the snort and issued the command “snort -i <interface>”
• While running Snort on a particular interface, it could capture the packets of the icmp message, but I am getting some warning messages here: “No preprocessors configured”

2. Qcow2 image creation
• Now tried to create a qcow image for the snort
• Exported the virtual machine to an ova file
• Using qemu-img, converted the vmdk image to a qcow2 image

3. Snort installation on openstack
• Created an instance in openstack using the qcow2 image of snort.
• During the installation, it went to emergency mode and the installation stopped.

Also, if you have the image to create a snort instance on openstack, can you please share the same.

Thanks,
Selvi.V

From: Diego Parrilla Santamaría [mailto:diego.parrilla.santamaria () gmail com]
Sent: Friday, May 27, 2016 2:39 PM
To: Velusami, Selvi
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort installation on openstack

Hi Selvi,

we have successfully deployed Snort in OpenStack and there is nothing special you have to do at operating system level. So keep on trying until you have it up and running!

But keep in mind that Snort and Neutron (no matter if you use Openvswitch or other technologies) do not work very well together. Promiscuous mode is a must for Snort and this requirement clashes with the isolation layers offered by the cloud platform.

We played with Snort in our cloud platform for months and found that Snort should not run as a VM, but as part of the Openstack infrastructure. Obviously, this is not something easy to do, but it could be a nice-to-have service extension for Neutron.

Finally, we decided to drop Snort and move to a host-based IDS.

Cheers
Diego

On Fri, May 27, 2016 at 5:54 PM, Velusami, Selvi <selvi.velusami () verizon com> wrote:

Hi,

I am new to Snort and I have not used it before. The present requirement for me is that I need to create a virtual image for snort and the same needs to be installed on openstack. I should do the configuration on top of it for further monitoring.

At present I tried to install snort on a virtual machine on centos and, using that, tried to create a virtual image, and that image is not working for me in openstack.

Can anyone please help me on this.

Thanks,
Selvi.V

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
--
Diego Parrilla Santamaría
CEO, StackOps Technologies
+34 91 0052164
www.stackops.com
www.cirrusflex.com