[Snort-users] Snort on PPP

John Berkers berjo at ...827...
Sun Mar 4 04:32:48 EST 2001


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The snortd in init.d ships with the rpm by Mandrake.

Looks like I've got some defouling to do on my system.

Thanks for your suggestion.

- -----Original Message-----
From: John Kiehnle [mailto:john at ...1477...]
Sent: Sunday, 4 March 2001 20:05
To: berjo at ...827...
Subject: Re: [Snort-users] Snort on PPP


I am still green at this, but using snort 1.7, I can run snort  -c 
/etc/snort/snort.conf -o -b -A fast -i ppp0 to start snort on RH6.2
with 
no problem at all. I know that does not help directly but does seem
to 
infer that something is foul on your setup still. I hope that helps 
narrow your focus. Did you write a short startup script for init.d or
is 
there one in the tarball somewhere?

John Kiehnle

John Berkers wrote:

>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I am using Snort 1.7, but when I start it manually (to make sure
> that it's working) with the  following command line:
> 
> 	snort -Afull -c /etc/snort/snort.conf -i ppp0
> 
> I get the following message:
> 
> 
>         --== Initializing Snort ==--
> 
> Initializing Network Interface ppp0
> 
> snort cannot handle data link type 101
> Exiting...
> 
> it then carries on about it packet stats before returning to the
> command line.
> 
> If I start it as a daemon (using /etc/rc.d/init.d/snortd start) it
> reports as starting OK, but immediately when I do a snortd status I
> get this message:
> 
> snort dead but subsys locked
> 
> Any help would be appreciated.
> 
> John.
> 
> - -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Vitaly
> McLain
> Sent: Saturday, 3 March 2001 19:49
> To: berjo at ...827...
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort on PPP
> 
> 
> It's late, so I'll give you a simple answer: Yes. :)
> It's easier with Snort 1.7, in terms of getting Snort to work with
> a dynamically-assigned IP. In Snort 1.6.x and below, a shell script
> was needed, but not with Snort 1.7.
> 
> Vitaly McLain
> twistah at ...93...
> twistah @ OPN & EfNet
> "If you don't turn on to politics, politics will turn on you."
>        - Ralph Nader
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use
> <http://www.pgp.com>  
> 
> iQA/AwUBOqG27QRiy4kmcIkhEQIMmwCgkBm9SD39ny4CAVjC5yB6klzVPvEAoO2d
> ItEwmXlt8iO7R25dL77gyw3V
> =lbSL
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 
> 



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOqILvwRiy4kmcIkhEQJ45ACgrcIjoLrgtNElI0NHejE7aZdxwFwAn2u8
imduXIK8uAhyk2se5IAj0S3L
=r3kl
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list