[Snort-users] What to do?
jlay at ...13475...
Fri Nov 22 07:29:54 EST 2013
On Nov 21, 2013, at 6:56 AM, Ellad G. Yatsko <eyatsko at ...16592...> wrote:
> Hello James! Thank you for the reply.
> I forgot to mention that I compiled Snort (along with daq and libdnet)
> latest version from www.snort.org. But with the same effect.
> It was in "previous Ubuntu Server's life". Also from scratch. Recipe
> I've found in "assets" on snort.org.
> But... I wanted to ask you, do you run Snort in inline mode? :-) I begin
> to think that the matter is in Snort, system or IPTables
> configurations. That I need to set up something else, besides Snort.
> Kind regards,
>> On Nov 21, 2013, at 2:27 AM, Ellad G. Yatsko <eyatsko at ...16592...> wrote:
>>> We have Ubuntu Server 12.04.1 LTS with snort 2.9.2 - both installed from
>>> scratch. Snort 2.9.2 distribution is native for this Ubuntu Release.
>>> ~# snort --daq-list
>>> Available DAQ modules:
>>> pcap(v3): readback live multi unpriv
>>> ipfw(v2): live inline multi unpriv
>>> dump(v1): readback live inline multi unpriv
>>> afpacket(v4): live inline multi unpriv
>>> Please, help... :-)
>>> Kind regards,
>>> Ellad Yatsko
>> I run the same OS, and while Ubuntu is great for keeping some things up to date, at the speed at which Snort is updated, your only real option is to go from source. 2.9.2 is ancient…I’d install 18.104.22.168 so you can get the full ruleset. Keep in mind it’s not going to be pretty as you’ll most likely have to rip out the current Snort.