[Snort-users] Snort and Proxmox

Josh Bitto jbitto at ...16055...
Mon Jan 28 12:12:21 EST 2013


Hello Everyone,

I'm new on using snort and I'm needing to lean on your expertise. We've decided to use snort on our network and in doing so I've setup a small test lab away from the actual network to see how this IDS works. So here's the problem.....I can't get snort to show any logs. I want to be able to see if it's actually working or not.

I set up a stand-alone server with proxmox on it.

Created 2 VM's

One is Pfsense
The other is just a xp machine.

In proxmox interface.conf looks like this.

Config looks like this:
Auto lo
Iface lo inet loopback

Auto VMbr0
Iface vmbr0 inet static
                Address 192.168.3.15
                Netmask  255.255.252.0
                Gateway 192.168.1.1
                Bridge_ports eth0
                Bridge_stp off
                Bridge_fd 0

Auto vmbr1
Iface vmbr1 inet manual
                Bridge_ports eth1
                Bridge_stp off
                Bridge_fd 0


I did everything to spec in pfsense....its pretty straight forward.

1.       Setup the interface on pfsense to match in proxmox

2.       Downloaded the snort package

3.       Obtained a oinkmaster code

4.       Created the WAN interface in snort.

5.       Checked ALL the rules to activate them.

6.       Even restarted both pfsense and the snort service.

I just for some reason can't get the darn thing to log events....as a test. I activated teamviewer rules and tried to block an event and couldn't get it to do that. So my thinking is....Its somewhere at the interface. I just don't know what I need to do. Any help would be greatful!



Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130128/7272521b/attachment.html>


More information about the Snort-users mailing list