[Snort-users] Snort-users Digest, Vol 108, Issue 2

Abdallah Jabbour abdjbr at ...11827...
Sun May 3 18:34:23 EDT 2015


Yes they do!

On Sun, May 3, 2015 at 2:00 PM, <snort-users-request at lists.sourceforge.net>
wrote:

> Message: 1
> Date: Sat, 02 May 2015 07:25:22 -0600
> From: James Lay <jlay at ...13475...>
> Subject: Re: [Snort-users] snort inline mode in CentOS 6.6
> To: snort-users at lists.sourceforge.net
> Message-ID: <1430573122.4447.1.camel at ...16724...>
> Content-Type: text/plain; charset="utf-8"
>
> On Sat, 2015-05-02 at 12:46 +0200, Abdallah Jabbour wrote:
> > Hello,
> >
> > I have installed Snort on CentOS 6.6 in a KVM guest machine. It is a
> > router/firewall using iptables. I followed the installation and
> > configuration steps and tested the configuration file validity (using
> > the -T command line arg).
> >
> > I enabled inline mode:
> >
> > In the configuration file, I added and uncommented the following lines:
> >
> >  config policy_mode:inline
> >
> >  config daq: afpacket
> >  config daq_dir: /usr/lib64/daq/
> >  config daq_mode: inline
> >  config daq_var: buffer_size_mb=128
> >
> > and also in /etc/sysconfig/snort:
> >
> > INTERFACE=eth0:eth1
> >
> > and started the Snort service.
> >
> > The network connection (locally and to the internet) is dropped; I
> > cannot ping any host on the network.
> >
> > I added some rules to /etc/snort/rules/local.rules to see if alerting
> > is working. I can see alerts being written to /var/log/snort/alert
> > after I reboot the machine (since there is no network connectivity).
> >
> > I know that inline mode will put the network interfaces eth0 and eth1
> > in promiscuous mode and will bridge the network connection to get the
> > network traffic. Is there anything I am missing in my setup?
> >
>
>
> Do eth0 and eth1 have IP addresses assigned?
>
> James