Snort mailing list archives
Re: snort help
From: Nick Moore <nmoore () sourcefire com>
Date: Thu, 23 Feb 2012 04:54:17 -0600
Jagan, I believe you need two interfaces, not just eth0 to do inline. If your second inline interface is eth1, then try something like this: snort -D —daq afpacket -Q -c /usr/local/snort/etc/snort.conf -i eth0:eth1 -l /var/log/snort Please note I didn't test it yet - have to build an inline setup for that and didn't have the time this morning. You can also try looking at some of the snort forums. There's been lots of discussion on this: https://forums.snort.org/forums/snort-newbies/topics/how-to-work-with-snort-ips Happy Snorting! Nick On Thursday, February 23, 2012, Jagan Mohan Reddy D wrote:
$ sudo /usr/local/snort/bin/snort -de -i eth0 --daq-dir /usr/local/lib/daq -l /var/log/snort/ -c /usr/local/snort/etc/snort.conf While using the above command i'm getting the following errors...... [ Number of patterns truncated to 20 bytes: 1041 ] ERROR: pcap DAQ does not support inline. Fatal Error, Quitting.. What's wrong in that command .....? Here i'm attaching my snort.conf can any one please help me on this error.... ---------------- thanks & regards D J M Reddy
-- Nick Moore, SFCE, CISSP, CISA Sr. Systems Engineer Voice 708-336-9041 Email nick.moore () sourcefire com IM nickgmoore (Yahoo) nickgmoore38 (AIM) ,,_ o" )~ Sourcefire - The Creators of Snort '''' www.sourcefire.com www.snort.org www.immunet.com
------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort help Jagan Mohan Reddy D (Feb 22)
- Re: snort help Nick Moore (Feb 23)