Thanks Andrew. I put the parameter "monitor" in one of the interface and
that help removing the below error msg:
"FATAL - monitor interface not defined, please disable trapping.detection
or set an interface type=...,monitor in pf.conf"
However I was still not able to start snort within PF, with the following
commands:
[root@vmpf bin]# ./pfcmd service snort start
or
[root@vmpf bin]# ./pfcmd service snort restart
It gave me the output like this:
httpd.admin|already running
Checking configuration sanity...
service|command
config files|start
snort|start
And packetfence.log did not show any error msg. Looks like everything is
working fine, but when I showed the status of packetfence I could not see
the job
[root@vmpf bin]# service packetfence status
service|shouldBeStarted|pid
pfdns|1|3827
dhcpd|1|3804
pfdetect|1|4939
snort|1|0
suricata|0|0
radiusd|1|3814
httpd.webservices|1|3825
httpd.admin|1|3788
httpd.portal|1|3845
snmptrapd|1|3847
pfsetvlan|1|3892
pfdhcplistener|1|3887 3885 3886 3889
pfmon|1|3888
But I can start snort manually
[root@vmpf bin]# service snortd restart
Stopping snort: [ OK ]
Starting snort: Spawning daemon child...
My daemon child 5162 lives...
Daemon parent exiting
[ OK ]
[root@vmpf bin]# ps -ef | grep snort
snort 5162 1 0 12:19 ? 00:00:00 /usr/sbin/snort -A fast -b
-d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
root 5166 4538 0 12:20 pts/0 00:00:00 grep snort
[root@vmpf bin]#
What should I do to start it from PF?
Regards,
Jacky
On Sat, Nov 30, 2013 at 3:59 PM, Andrew Lukasiak
<[email protected]>wrote:
> I am not sure If I it is the right answer, but this is what I put in my
> pf.conf:
>
> [interface eth0.10]
> ip=172.16.10.1
> type=dhcp-listener, monitor
> gateway=172.16.10.254
> mask=255.255.255.0
>
> VLAN 10 is my regular VLAN. My management interface is eth0.
>
> I would like to monitor both my regular and guest vlan, but I am not sure
> if it is possible...
>
> Andrew
>
>
>
>
>
>
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
