[Snort-users] Snort Inline

Amit Kumar Gupta amitkumar.gupta at ...7853...
Tue Dec 31 20:54:02 EST 2002


HI,
 
I have tested the Logging. The logging works with -Q option . But I
don't know how to use drop and sdrop.
 
For logging I tried simple ping on local network. It seems it logs every
5th echo and echo-reply packets. You can see these packets in
/var/log/snort/ directory.
 
 
Regards,
Amit
 
 
 
-----Original Message-----
From: Bob McDowell [mailto:bmcdowell at ...7861...] 
Sent: Wednesday, January 01, 2003 3:53 AM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snort Inline
 
I think I answered my own question:
 
To enable ipq you must not only do the 'make install-devel' (as is
thoroughly documented) but also enable 'Userspace queuing
(experimental)' during kernel compile.  The trick is, you have to go
into 'Code Maturity...' and enable experimental items before this option
will show up.  This was non-obvious to me.  I am learning though...
 
Now 'snort -Q' will start.  I now have the same question as Amit:  how
does the packet dropping work?
 
Also, it does not seem to log packets to syslog any longer, unless I
omit the '-Q'.
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Bob
McDowell
Sent: Tuesday, December 31, 2002 2:23 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Inline
 
Has anyone on the list successfully installed/configured snort in inline
mode?  I've been wrestling with it for days, and I think I'm getting
close.  My biggest gripe about it is that I can't seem to find any help
with it.  It took a lot of head scratching to get as far as I have...
When I'm done I'll write up the steps it took me to get it snorting.  In
the mean time, can anyone out there help me?  Any documentation, tips,
warnings, etc would be greatly appreciated.
Specifically, I'm now stuck with a message that reads 'InlineInit:  :
Failed to send netlink message:  Connection refused'
Thanks in advance. 
 
Bob McDowell 
IS Specialist 
Cox HealthPlans, LLC 
417.269.2848 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021231/b0b8c65f/attachment.html>


More information about the Snort-users mailing list