Snort mailing list archives
Snort and Proxmox
From: Josh Bitto <jbitto () onlineschool ca>
Date: Mon, 28 Jan 2013 09:12:21 -0800
Hello Everyone,
I'm new on using snort and I'm needing to lean on your expertise. We've decided to use snort on our network and in
doing so I've setup a small test lab away from the actual network to see how this IDS works. So here's the
problem.....I can't get snort to show any logs. I want to be able to see if it's actually working or not.
I set up a stand-alone server with proxmox on it.
Created 2 VM's
One is Pfsense
The other is just a xp machine.
In proxmox interface.conf looks like this.
Config looks like this:
Auto lo
Iface lo inet loopback
Auto VMbr0
Iface vmbr0 inet static
Address 192.168.3.15
Netmask 255.255.252.0
Gateway 192.168.1.1
Bridge_ports eth0
Bridge_stp off
Bridge_fd 0
Auto vmbr1
Iface vmbr1 inet manual
Bridge_ports eth1
Bridge_stp off
Bridge_fd 0
I did everything to spec in pfsense....its pretty straight forward.
1. Setup the interface on pfsense to match in proxmox
2. Downloaded the snort package
3. Obtained a oinkmaster code
4. Created the WAN interface in snort.
5. Checked ALL the rules to activate them.
6. Even restarted both pfsense and the snort service.
I just for some reason can't get the darn thing to log events....as a test. I activated teamviewer rules and tried to
block an event and couldn't get it to do that. So my thinking is....Its somewhere at the interface. I just don't know
what I need to do. Any help would be greatful!
Josh
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort and Proxmox Josh Bitto (Jan 28)
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)
- Message not available
- Message not available
- Message not available
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)
- Re: Snort and Proxmox Josh Bitto (Jan 28)
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)
- Re: Snort and Proxmox Josh Bitto (Jan 28)
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)
- Re: Snort and Proxmox Josh Bitto (Jan 28)
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)
- Re: Snort and Proxmox Josh Bitto (Jan 28)
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)
- Message not available
- Re: Snort and Proxmox Jeremy Hoel (Jan 28)