[Snort-users] Snort and Proxmox

Jeremy Hoel jthoel at ...11827...
Mon Jan 28 14:12:58 EST 2013


You should start by running tcpdump on the listening interface on
the Snort box to make sure it's seeing the packets you expect it to
see.



On Mon, Jan 28, 2013 at 5:12 PM, Josh Bitto <jbitto at ...16055...> wrote:
> Hello Everyone,
>
> I’m new to using Snort and I’m needing to lean on your expertise. We’ve
> decided to use Snort on our network and in doing so I’ve set up a small test
> lab away from the actual network to see how this IDS works. So here’s the
> problem… I can’t get Snort to show any logs. I want to be able to see if
> it’s actually working or not.
>
> I set up a stand-alone server with Proxmox on it.
>
> Created 2 VMs
>
> One is pfSense
> The other is just an XP machine.
>
> In Proxmox, interface.conf looks like this.
>
> Config looks like this:
>
> auto lo
> iface lo inet loopback
>
> auto vmbr0
> iface vmbr0 inet static
>         address 192.168.3.15
>         netmask 255.255.252.0
>         gateway 192.168.1.1
>         bridge_ports eth0
>         bridge_stp off
>         bridge_fd 0
>
> auto vmbr1
> iface vmbr1 inet manual
>         bridge_ports eth1
>         bridge_stp off
>         bridge_fd 0
>
> I did everything to spec in pfSense… it’s pretty straightforward.
>
> 1. Set up the interface on pfSense to match in Proxmox
> 2. Downloaded the Snort package
> 3. Obtained an Oinkmaster code
> 4. Created the WAN interface in Snort.
> 5. Checked ALL the rules to activate them.
> 6. Even restarted both pfSense and the Snort service.
>
> I just for some reason can’t get the darn thing to log events… as a test. I
> activated TeamViewer rules and tried to block an event and couldn’t get it
> to do that. So my thinking is… it’s somewhere at the interface. I just don’t
> know what I need to do. Any help would be greatly appreciated!
>
> Josh