[Snort-users] running snort questions

Stefan Schleifer stefan.schleifer at ...6267...
Wed Jul 24 00:06:07 EDT 2002


hi,

you can still use the interfaces file:

[root at ...6425...:/etc/network]# cat interfaces

<snip>

iface eth0 inet static

iface eth1 inet static

iface eth2 inet static

<snip>

works for me:

[root at ...6425...:/etc/network]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:80:C8:B9:F9:C9
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:450630038 errors:9 dropped:0 overruns:0 frame:15
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:209873534 (200.1 MiB)  TX bytes:0 (0.0 b)
           Interrupt:10 Base address:0xa800


the only thing that doesn't work for me on this machine is snort -i any. 
that only puts eth0 in promiscuous mode (using snort-mysql Version 1.8.7 
(Build 128)). on another machine with ip adresses it works (using 
snort-mysql Version 1.8.4-beta1 (Build 91)).

if you want it to start on system boot, just install the *debs 
(snort-common, snort or snort-mysql,... and the snort-rules-default). 
init script is included. i suggest then to update the rules from the 
snort homepage. maybe you have to do a "update-rc.d snort default" the 
get the links in the rc?.d dirs.

stefan.



Daniel Lopez wrote:
> Hello,
> 
> I would like to start Snort when my computer boots.
> Thus, I have to configure it to run in daemon mode, haven't I?
> 
> Then, I would like to run it on a Debian 3.0 machine in promiscuous
> mode.
> The problem that I have is that in order to configure my network card
> without
> an ip-address I cannot use the standard's Debian /etc/network/interfaces
> since
> the ifup and ifdown expect some more information there than it is
> needed.
> 
> Thus, should I use a script? If it is right, do you know if somebody has
> already written one? :)
> Thanks a lot for your help!
> 
> 
> Daniel Lopez
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 


-- 

: Stefan Schleifer                            Tel +43-1-8974897-754 :
: LINBIT Information Technologies GmbH        Fax +43-1-8974897-111 :
: Sechshauserstr 48, A-1150 Vienna/Europe     http://www.linbit.com :






More information about the Snort-users mailing list