Snort mailing list archives

Re: Multiple configurations: ids and ips modes.


From: Y M <snort () outlook com>
Date: Tue, 7 May 2013 08:50:51 +0000

For inline operation, daq_mode must be set to inline instead of passive: daq_mode: inline. Change that in the 
config file that is meant to be used for inline operation.
I do not have enough experience to help with the way you are attempting to use the "multiple configuration" 
feature. Maybe someone else can help.
Thanks.
YM

Date: Tue, 7 May 2013 12:31:02 +0400
From: jktu17 () gmail com
To: snort-users () lists sourceforge net
Subject: [Snort-users] Multiple configurations: ids and ips modes.

Hello
I have snort 2.9.3.1 and the afpacket DAQ installed. 

MY GOAL:

1. create several (e.g. 2) configurations of snort using "config binding"

2. have different modes in these configurations, for example: conf1 will run in tap mode and conf2 (bound) will run in 
inline mode.
3. only one snort process must be run to achieve this goal



QUESTIONS: 

1. Is it possible? I couldn't do it, because I need to specify the "-Q" flag for inline mode, which is global, and I have the 
following problems:

1. to run snort inline I need to specify "-Q" (w/o it snort complains: "Adapter is in Passive Mode. Hence switching 
policy mode to tap.")

2. but with the -Q switch I get an error from conf1:  "FATAL ERROR: DAQ 'passive' mode incompatible with -Q! "

PS: from the manual: the config daq_* options are not configuration-specific, they are global; but config policy_mode is 
config-specific and may differ in the case of multiple configurations; so this is the problem.


PPS:
Here is my config (only topic-related things):

File /etc/conf1.conf:
config daq_dir : /usr/lib/daq
config daq : afpacket
config daq_mode : passive
config policy_mode : tap

config interface : eth1
config binding : /etc/conf2.conf net 10.0.0.0/24
config policy_version : base-version
config policy_id : 0

File /etc/conf2.conf:
config policy_mode : inline

config interface : eth1:eth2
config policy_version : base-version sub-version
config policy_id : 1


2. Another question: in the case of multiple configurations, is it necessary to include "config policy_id" options in each 
configuration, and is the "config policy_version :" option necessary? Maybe I only need to use "config binding FILE 
net IP"?
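An added consistency checker for the situation described in this thread (it is not code from the thread or from the Snort project): it follows the "config binding" lines from the main config and reports the daq_mode / policy_mode combinations the thread says fail. It assumes the plain "config key : value" syntax shown in the post, treats daq_* as global (main config only), and assumes -Q forces the DAQ into inline mode; the file contents are constructed samples mirroring the two posted files.

```python
import re

# Matches the "config key : value" lines used in the posted files.
CONFIG_RE = re.compile(r"^\s*config\s+(\w+)\s*:\s*(.*?)\s*$")

def parse_config(text):
    """Return ({option: value}, [bound_file, ...]) for one config file's text."""
    opts, bindings = {}, []
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "binding":
            bindings.append(value.split()[0])  # "FILE net CIDR" -> FILE
        else:
            opts[key] = value
    return opts, bindings

def check_modes(files, main, q_flag):
    """files maps path -> text; q_flag says whether -Q is on the command line.
    Returns a list of problem strings (empty means the setup is consistent)."""
    problems = []
    main_opts, bound = parse_config(files[main])
    daq_mode = main_opts.get("daq_mode", "passive")
    # Assumption: -Q puts the DAQ in inline mode whatever daq_mode says.
    effective_daq = "inline" if q_flag else daq_mode
    if q_flag and daq_mode == "passive":
        problems.append(f"{main}: daq_mode passive is incompatible with -Q (fatal)")
    for path in bound:
        for key in parse_config(files[path])[0]:
            if key.startswith("daq"):  # daq_* options are global, not per-policy
                problems.append(f"{path}: '{key}' is global; set it in {main} only")
    for path in [main] + bound:
        mode = parse_config(files[path])[0].get("policy_mode", "tap")
        if mode == "inline" and effective_daq != "inline":
            problems.append(f"{path}: policy_mode inline on a passive DAQ is switched to tap")
    return problems

# Constructed sample mirroring the two files from the post.
SAMPLE = {
    "/etc/conf1.conf": "config daq : afpacket\nconfig daq_mode : passive\n"
                       "config policy_mode : tap\n"
                       "config binding : /etc/conf2.conf net 10.0.0.0/24\n",
    "/etc/conf2.conf": "config policy_mode : inline\n",
}
# Same setup with the change the reply suggests: daq_mode inline in the main config.
FIXED = dict(SAMPLE, **{"/etc/conf1.conf":
             SAMPLE["/etc/conf1.conf"].replace("daq_mode : passive", "daq_mode : inline")})
```

Running check_modes(SAMPLE, "/etc/conf1.conf", False) reports conf2 being switched to tap, with True it reports the fatal -Q conflict, and FIXED reports nothing either way.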





------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!                                        
