I am not sure if it is the right answer, but this is what I put in my pf.conf:

[interface eth0.10]
ip=172.16.10.1
type=dhcp-listener, monitor
gateway=172.16.10.254
mask=255.255.255.0

VLAN 10 is my regular VLAN.  My management interface is eth0.

I would like to monitor both my regular and guest vlan, but I am not sure if it is possible...

Andrew
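
An added example, not part of the original thread and not PacketFence's own code: a Python check that mirrors the condition stated in the FATAL message quoted in this thread (detection enabled but no interface whose type list includes monitor). The `[trapping]` section with a `detection` key, its default, and the `eth0` management stanza are assumptions made for illustration.

```python
import configparser

# Constructed sample: the eth0.10 stanza from the reply above, plus an
# assumed [trapping] section and an assumed management stanza.
SAMPLE_PF_CONF = """
[trapping]
detection=enabled

[interface eth0]
ip=192.0.2.10
type=management
mask=255.255.255.0

[interface eth0.10]
ip=172.16.10.1
type=dhcp-listener, monitor
gateway=172.16.10.254
mask=255.255.255.0
"""

def load(text):
    """Parse pf.conf-style INI text without value interpolation."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def monitor_interfaces(cp):
    """Return interface names whose comma-separated type list has 'monitor'."""
    found = []
    for section in cp.sections():
        parts = section.split(None, 1)
        if len(parts) != 2 or parts[0] != "interface":
            continue
        raw = cp.get(section, "type", fallback="")
        types = [t.strip().lower() for t in raw.split(",")]
        if "monitor" in types:
            found.append(parts[1])
    return found

def sanity_check(text):
    """Approximate the check behind the FATAL message in this thread."""
    cp = load(text)
    # Assumption: a missing key is treated as disabled in this sketch.
    detection = cp.get("trapping", "detection", fallback="disabled")
    monitors = monitor_interfaces(cp)
    if detection.strip().lower() == "enabled" and not monitors:
        return ("FATAL", monitors)
    return ("OK", monitors)

if __name__ == "__main__":
    print(sanity_check(SAMPLE_PF_CONF))
```
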






On 13-11-29 05:22 PM, forbmsyn wrote:
I tried a different command:

 ./pfcmd service snort restart

This time no error was found, either from the CLI or in packetfence.log. Everything seems to be working fine. Below is the log from packetfence.log.


Nov 29 17:13:56 pfcmd.pl(2322) INFO: Executing pfcmd service snort restart (main::service)
Nov 29 17:13:56 pfcmd.pl(2322) INFO: snort /usr/sbin/snort status (pf::services::service_ctl)
Nov 29 17:13:56 pfcmd.pl(2322) INFO: pfdetect /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Nov 29 17:13:56 pfcmd.pl(2322) INFO: pidof -x pfdetect returned 2321 (pf::services::getPidFromFile)
Nov 29 17:13:56 pfcmd.pl(2322) INFO: called file_reload_violation_config (pf::config::cached::file_reload_violation_config)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: snort /usr/sbin/snort restart (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: pfdetect /usr/local/pf/sbin/pfdetect stop (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: pfdetect /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: pidof -x pfdetect returned 2321 (pf::services::getPidFromFile)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: Sending TERM signal to pfdetect with pid 2321 (pf::services::stopService)
Nov 29 17:13:57 pfdetect(2321) FATAL: caught SIGTERM - terminating (main::normal_sighandler)
Nov 29 17:13:57 pfdetect(2321) INFO: stopping pfdetect (main::END)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: pfdetect /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: pidof -x pfdetect returned 0 (pf::services::getPidFromFile)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: snort /usr/sbin/snort stop (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: snort /usr/sbin/snort status (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: pfdetect /usr/local/pf/sbin/pfdetect start (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: Starting pfdetect with '/usr/local/pf/sbin/pfdetect -d -p /usr/local/pf/var/alert &' (pf::services::launchService)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: Daemon pfdetect took 0.006 seconds to start. (pf::services::launchService)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: snort /usr/sbin/snort start (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: Generating configuration file for snort (generate_snort_conf) (pf::services::service_ctl)
Nov 29 17:13:57 pfcmd.pl(2322) INFO: generating /usr/local/pf/conf/snort.conf (pf::services::snort::generate_snort_conf)
Nov 29 17:13:58 pfdetect(2327) INFO: pfdetect starting and writing 2330 to /usr/local/pf/var/run/pfdetect.pid (pf::util::createpid)
Nov 29 17:13:58 pfdetect(2330) INFO: initialized (main::)




However snort is still not started.  Please see output below:

[root@vmpf bin]# ./pfcmd service snort status
service|shouldBeStarted|pid
*snort|1|0*


[root@vmpf conf]# service packetfence status
service|shouldBeStarted|pid
pfdns|1|2015
dhcpd|1|1794
pfdetect|1|2330
*snort|1|0*
suricata|0|0
radiusd|1|2045
httpd.webservices|1|1832
httpd.admin|1|1736
httpd.portal|1|2118
snmptrapd|1|2069
pfsetvlan|1|2078
pfdhcplistener|1|1909 1912 1910 1911
pfmon|1|2170


What should I do next to make it work?

Regards,
Jacky



On Fri, Nov 29, 2013 at 4:48 PM, forbmsyn wrote:

    When I tried to start snort in the CLI from the PF server, I got the
    following errors:

    [root@vmpf bin]# ./pfcmd service snort start
    httpd.admin|already running
    Checking configuration sanity...
    FATAL - monitor interface not defined, please disable
    trapping.detection or set an interface type=...,monitor in pf.conf


    Where should I set the interface type in pf.conf?  I did not see
    a sample in pf.conf.default. Can anyone please shed some light
    on this? Thank you.

    Regards,
    Jacky




_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
