[Snort-users] What to do?

James Lay jlay at ...13475...
Fri Nov 22 07:29:54 EST 2013


On Nov 21, 2013, at 6:56 AM, Ellad G. Yatsko <eyatsko at ...16592...> wrote:

> Hello James! Thank you for reply.
> 
> I forgot to mention that I compiled Snort (along with daq and libdnet) 
> latest version from www.snort.org. But with the same effect.
> It was in "previous Ubuntu Server's life". Also from scratch. Recipe 
> I've found in "assets" on snort.org.
> 
> But... I wanted to ask you, do you run Snort in inline mode? :-) I begin 
> to think that the matter is in Snort, system or IPTables
> configurations. That I need to set up something else, besides Snort.
> 
> Kind regards,
> Ellad
>> On Nov 21, 2013, at 2:27 AM, Ellad G. Yatsko <eyatsko at ...16592...> wrote:
>> 
>>> Hello!
>>> 
>>> We have Ubuntu Server 12.04.1 LTS with snort 2.9.2 - both installed from
>>> scratch. Snort 2.9.2 distribution is native for this Ubuntu Release.
>>> 
>>> ~# snort --daq-list
>>> Available DAQ modules:
>>> pcap(v3): readback live multi unpriv
>>> ipfw(v2): live inline multi unpriv
>>> dump(v1): readback live inline multi unpriv
>>> afpacket(v4): live inline multi unpriv
>>> ~#
>>> 
>> [redacted]
>>> Please, help... :-)
>>> 
>>> Kind regards,
>>> Ellad Yatsko
>>> 
>>> 
>> I run the same OS, and while Ubuntu is great for keeping some things up to date, at the speed at which Snort is updated, you’re only real option is to go from source.  2.9.2 is ancient…I’d install 2.9.5.5 so you can get the full ruleset.  Keep in mind it’s not going to be pretty as you’ll most likely have to rip out the current Snort.
>> 
>> James
>> 

What does:

snort —version

show you?

James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131122/e2536371/attachment.sig>


More information about the Snort-users mailing list