Hi,
Thanks for your help, but I already have this folder "/usr/local/pf/conf"; when
I downloaded the PacketFence package, it had already installed Snort.
I have succeeded in creating a PacketFence violation (trap and log in
"/usr/local/pf/logs/violation.log"), but I cannot manage to configure
a Snort violation correctly.
I have written this rule:
log tcp any any -> $HOME_NET any (msg:"Test tcp";sid:2001815;)
in this file: /usr/local/pf/conf/snort/test/rules
I have added this line: include $RULE_PATH/test.rules in
/usr/local/pf/conf/snort.conf so that Snort loads the previous file.
I have added this:
[2001815]
desc=Test tcp
priority=4
url=/remediation.php?template=generic
enabled=Y
trigger=Detect::2001815
actions=log,trap
window=
vclose=
in /usr/local/pf/conf/violations.conf
I connected a computer to PF and tried to browse, and PF displayed this:
/remediation.php?template=generic
so it is necessarily violation number 2001815 that causes this display,
because there is no other rule that displays the page.
But I can't find any log from Snort or PF about this...
I have searched here:
/var/log/messages
/usr/local/pf/var
/var/log/snort/alert
/usr/local/pf/logs/violations.log
Thanks for your help :)
Simon
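
An added example, not part of the original message and not PacketFence's own code: a small Python check that cross-references each Detect:: trigger in violations.conf with the sid and action of the matching Snort rule. It flags a rule whose action is not alert, because Snort's log action records the packet without generating an alert; that PacketFence's detection relies on Snort alerts is an assumption here, the function names are hypothetical, and the inline sample data is constructed from the values quoted above.

```python
import configparser
import re

# Constructed sample input mirroring the rule and violation quoted in the message.
RULES = 'log tcp any any -> $HOME_NET any (msg:"Test tcp";sid:2001815;)\n'
VIOLATIONS = """\
[2001815]
desc=Test tcp
url=/remediation.php?template=generic
enabled=Y
trigger=Detect::2001815
actions=log,trap
"""
RULE_RE = re.compile(r'^\s*(\w+)\s+.*?\bsid\s*:\s*(\d+)\s*;')


def parse_rules(text):
    """Return {sid: action} for every non-comment rule line."""
    rules = {}
    for line in text.splitlines():
        m = None if line.lstrip().startswith('#') else RULE_RE.match(line)
        if m:
            rules[int(m.group(2))] = m.group(1).lower()
    return rules


def check(rules_text, violations_text):
    """Cross-check Detect:: triggers against the Snort rules; return findings."""
    rules = parse_rules(rules_text)
    cfg = configparser.ConfigParser(interpolation=None, delimiters=('=',))
    cfg.read_string(violations_text)
    findings = []
    for section in cfg.sections():
        if cfg.get(section, 'enabled', fallback='N').upper() != 'Y':
            continue
        for trig in cfg.get(section, 'trigger', fallback='').split(','):
            kind, _, value = trig.strip().partition('::')
            if kind.lower() != 'detect' or not value.isdigit():
                continue
            action = rules.get(int(value))
            if action is None:
                findings.append((section, int(value), 'no rule with this sid'))
            elif action != 'alert':
                findings.append((section, int(value), f'rule action is {action!r}, not alert'))
    return findings

if __name__ == '__main__':
    for finding in check(RULES, VIOLATIONS):
        print(finding)
```
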
Date: Mon, 6 May 2013 08:27:56 -0400
From: [email protected]
To: [email protected]
Subject: Re: [PacketFence-users] Problem with Snort and PacketFence
Hi French Guy,
You have to install packetfence-remote-snort-sensor on your Snort
server.
When it is done, configure it (/usr/local/pf/conf) and don't forget to
define a username and password for the webservice.
Regards
Fabrice
On 2013-05-05 08:37, ŠÅ¥ĈΈ ® wrote:
Hello everybody,
I am French, and I am currently doing my internship, during which
I am deploying PacketFence and Snort on a test network and later
on a real network.
I have configured the captive portal and the local identification,
and now I am trying to configure Snort to work with PacketFence,
but I can't manage it.
I use a computer with Debian Squeeze/6.0 and I followed this:
http://www.packetfence.org/support/faqs/article/how-to-install-packetfence-on-debian.html?no_cache=1&cHash=b29a0dd1f6344f2d28708e3db642c5db
to install PacketFence.
I have already read the PacketFence Administration Guide and the
official Snort documentation.
I am able to use Snort alone, but when it detects an event it
doesn't "alert" PacketFence.
Can you give all the necessary steps that I need to follow to
configure Snort and PacketFence together?
Sincerely
Simon.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)