[Snort-users] OT: Snort and vyatta

Joel Esler jesler at ...1935...
Thu Aug 22 10:45:43 EDT 2013


I am sure they have some kind of Open Source Community over there, right?

On Aug 22, 2013, at 8:59 AM, Keith A. Glass <salgak at ...1936...> wrote:

> That would depend on which version of Vyatta you run.  The free, open-source version provides no official support.   But the documentation is good. . .
> 
> Keith
> 
> Security Geek  * Curmudgeon at Large *  Short on Sleep
> 
> On Thu Aug 22  8:50 , Joel Esler  sent:
> 
>> I don't know how many people on this list run Vyatta. It may be a better idea for you to ask your question from their product people.
>> 
>> --
>> Joel Esler
>> 
>>> On Aug 22, 2013, at 8:24 AM, Joerg Stephan <osml at ...16492...> wrote:
>>> 
>>> Hey guys,
>>> 
>>> I am currently playing around with Snort on Vyatta. Hopefully there is
>>> somebody here who can help me.
>>> In general I set up a detect chain and the Snort stuff.
>>> 
>>> name ips {
>>>     default-action accept
>>>     rule 1 {
>>>         action inspect
>>>         destination {
>>>             port http
>>>         }
>>>         protocol tcp
>>>     }
>>>     rule 2 {
>>>         action inspect
>>>         protocol tcp
>>>         source {
>>>             port http
>>>         }
>>>     }
>>> }
>>> 
>>> and
>>> 
>>> +ips {
>>> +    actions {
>>> +        other pass
>>> +        priority-1 alert
>>> +        priority-2 alert
>>> +        priority-3 alert
>>> +    }
>>> +    auto-update {
>>> +        oink-code 492fabac413dbc73f74c26923ef3b88387de8cb5
>>> +        update-hour 5
>>> +    }
>>> +}
>>> traffic-filter {
>>> +    custom ips
>>> }
>>> 
>>> Sadly the commit fails with
>>> 
>>> commit
>>> [ content-inspection ]
>>> Stopping Content Inspection...iptables: No chain/target/match by that name.
>>> Done.
>>> Starting Content Inspection....iptables: No chain/target/match by that name.
>>> Content Inspection configuration error: Cannot insert rule into iptables.
>>> 
>>> Any idea?
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> 
> 
> 




