Snort mailing list archives
Re: Question for the Guru's
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 17 Nov 2011 09:52:39 -0500
We would be welcome to any in-line documentation someone would like to provide. We currently just don't have the time to be able to sit down and write it.

Sent from my iPhone

On Nov 16, 2011, at 6:02 PM, John Liss <john () lissproductions com> wrote:
<snip>

Yes Snort does the bridging. You do not create a bridge as daq does that for you. I simply (after asking the same question) added this into snort.conf:

config daq: afpacket
config daq_dir: /usr/lib64/daq
config daq_mode: inline
config daq_var: buffer_size_mb=256

Where you spec eth0:eth1 (or whatever) can be distro specific. I would imagine using NFQ would offer more control via iptables but have yet to push down that road. Af-packet works well.

-Bill

Thanks Bill! I'm off in the right direction!

-John

Thanks again Bill for the boot in the right direction! Ubuntu 10.04 LTS is working great with 2.9.1.2 using afpacket. Drops packets wonderfully where told to do so : ]]

I guess someone needs (possibly me) to toss something to the snort-team () sourcefire com for an inline config doc.

-John

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
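A pre-flight check for the inline afpacket setup quoted in this message, as an added example that is not part of the thread or of Snort itself. The function names parse_daq and check_inline are hypothetical, the sample conf is constructed from the four directives above, and the interface spec is passed in separately because the thread notes that where it is set is distro specific; the '::' separator for several bridged pairs follows the afpacket DAQ documentation.

```python
import re

# Constructed sample: the four directives from the quoted message, as they would sit in snort.conf.
SAMPLE_CONF = """\
# DAQ settings for inline operation
config daq: afpacket
config daq_dir: /usr/lib64/daq
config daq_mode: inline
config daq_var: buffer_size_mb=256
"""

DIRECTIVE = re.compile(r"^\s*config\s+(daq\w*)\s*:\s*(.+?)\s*$")

def parse_daq(conf_text):
    """Collect 'config daq*' directives; daq_var may repeat, so values are lists."""
    found = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        m = DIRECTIVE.match(line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def check_inline(conf_text, interfaces):
    """Return a list of problems that would keep afpacket from bridging inline."""
    daq = parse_daq(conf_text)
    problems = []
    if daq.get("daq", [""])[-1] != "afpacket":
        problems.append("config daq is not afpacket")
    if daq.get("daq_mode", [""])[-1] != "inline":
        problems.append("config daq_mode is not inline, drop rules will not block")
    # Inline afpacket needs interface pairs (eth0:eth1); '::' separates several pairs.
    for pair in interfaces.split("::"):
        names = pair.split(":")
        if len(names) != 2 or not all(names) or names[0] == names[1]:
            problems.append(f"interface spec {pair!r} is not a pair of two interfaces")
    for var in daq.get("daq_var", []):
        key, _, value = var.partition("=")
        if key.strip() == "buffer_size_mb" and not value.strip().isdigit():
            problems.append(f"buffer_size_mb is not a number: {value!r}")
    return problems

if __name__ == "__main__":
    for spec in ("eth0:eth1", "eth0"):
        print(spec, check_inline(SAMPLE_CONF, spec) or "ok")
```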
Current thread:
- Question for the Guru's John Liss (Nov 14)
- Re: Question for the Guru's Joel Esler (Nov 14)
- Re: Question for the Guru's carlopmart (Nov 14)
- Re: Question for the Guru's NA (Nov 14)
- Re: Question for the Guru's carlopmart (Nov 14)
- Re: Question for the Guru's John Liss (Nov 14)
- Re: Question for the Guru's NA (Nov 14)
- Re: Question for the Guru's John Liss (Nov 14)
- Re: Question for the Guru's John Liss (Nov 16)
- Re: Question for the Guru's Joel Esler (Nov 17)
- Re: Question for the Guru's NA (Nov 14)