[Snort-users] RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?)
jnebrera at ...11827...
Wed Sep 26 10:27:12 EDT 2012
Again, for the benefit of the list:
Have you read the fastpath install guide?
You need configure the manager using rb_sysconf to set networking and
cluster issues even if there is only a node (single mode). All services
in the manager (mysql, rabbitmq, chef-*, drbd, etc) depend on a working
cluster (rgmanager and cman services), this configurations are created
by rb_sysconf automatically using a wizard in the 'System configuration'
Please, read the official manual too:
On the other hand, you need to know that we don't guarantee that the
redBorder sensor works well in a virtual environment because the pf_ring
support in the virtual network module.
If you don't want to see the message "ttyS0 main process ...,
respawning" remove the file "/etc/init/ttyS0.conf" and reboot.
On 26/09/12 13:49, Giles Coochey wrote:
> On 26/09/2012 12:18, Jaime Nebrera wrote:
>> Hi Giles, we are still trying to discover why you cant send to the
>> Either way, the public release of the software was very specific to
>> a particular project. We are trying to improve that, making it much
>> more generic and thus more usable to other people.
>> Can you tell me the exact virtual box version you are using? We
>> have tried with both VMWare and KVM and works.
>> Still, is very important to follow the manual for initial
>> installation. Some stuff seems weird (like building a cluster of just
>> one node) but its relevant when you consider the whole picture
> Quite happy to do some testing, but the VirtualBox version I've tried
> the install on was 4.2.0 r80737 Windows 7 64-bit
> I've had an email from Juan off-list, so will speak with him.
> Giles Coochey, CCNA, CCNAS
> NetSecSpec Ltd
> +44 (0) 7983 877438
> giles at ...9346...
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users