Hi Bryan,

Snort works well enough on CentOS 6. I'm sure it works on other distros as well 
since it is not exactly a new package. 

This is what I replied to someone asking for guidance last week. 

"Do you have detection enabled in "trapping"? 

Have a look at /usr/local/pf/conf/pf.conf.defaults. A lot of variables and 
their possible values are described in there.
Do not start snort at boot. Let PacketFence manage it.

Then of course you will have to have actual snort rules. Look under addons for 
an oinkmaster config file as a starting point and place your rules under 
conf/snort.

When it works, you will have snort sending alerts to a named pipe and pfdetect 
reading from it and triggering violations. 
Make sure you actually have some violations defined that match the snort ids of 
the alerts you want to trigger upon."


When in doubt, start snort in the foreground and check the output.

Hope that helps,
Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca 
+1.514.447.4918 *125  :: +1 (866) 353-6153 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On 2013-12-09, at 9:22 , Bryan M <[email protected]> wrote:

> Hi,
> 
> Will someone please let me know what OS (version) they are using with 
> PacketFence (version) with Snort (version) working. I've tried Debian Wheezy 
> (32 and 64 bit), Ubuntu Server 12.04.3 LTS (64 bit), CentOS 6.5 (32 bit), and 
> PacketFence ZEN (password does not work) without getting Snort to start by 
> PacketFence. If you could include any important steps I would appreciate 
> it. Like for Debian I had to install snmp-mibs-downloader.deb then install 
> it. Not a big deal but not included in the install instructions.
> 
> I was able to get Suricata to start on my Debian Wheezy installation but it 
> didn't notify me when I used BitTorrent on the network, is this only a Snort 
> rule?
> 
> Thanks,
> 
> Bryan
> 
> PS
> Is anyone getting these?  I have not heard a single response to all my emails 
> I've been sending.  Will someone please confirm these are being sent.
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
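
The last point of the advice in this thread (alerts only become violations when a violation is defined for that Snort id) can be checked offline. This is an added example, not part of the original email and not PacketFence's own code. The alert lines follow Snort's fast-alert layout; the INI layout with `trigger=Detect::<sid>` and `enabled=Y/N`, the SIDs and the violation ids are assumptions constructed for illustration.

```python
import configparser
import re

# Constructed Snort "fast" alert lines; the SIDs are made-up local rule ids.
SAMPLE_ALERTS = """\
12/09-09:15:02.123456  [**] [1:1000001:1] LOCAL constructed P2P rule [**] [Priority: 1] {TCP} 192.0.2.10:51413 -> 198.51.100.7:6881
12/09-09:15:09.654321  [**] [1:1000002:3] LOCAL constructed scan rule [**] [Priority: 2] {TCP} 192.0.2.44:40022 -> 192.0.2.1:22
snort startup banner line, not an alert
"""

# ASSUMPTION: violations are INI sections whose "trigger" option lists
# "Detect::<snort sid>" entries. Constructed sample, not a shipped config.
SAMPLE_VIOLATIONS = """\
[1100001]
trigger=Detect::1000001,Detect::1000009
enabled=Y

[1100002]
trigger=Detect::1000002
enabled=N
"""

ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

def alert_sids(alert_text):
    """Return {sid: message} for every line that parses as a fast alert."""
    found = {}
    for line in alert_text.splitlines():
        if m := ALERT_RE.search(line):
            found[int(m.group(2))] = m.group(4)
    return found

def enabled_triggers(conf_text):
    """Return {sid: violation id} for Detect triggers of enabled violations."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    triggers = {}
    for vid in cp.sections():
        if cp.get(vid, "enabled", fallback="N").upper() != "Y":
            continue
        for item in cp.get(vid, "trigger", fallback="").split(","):
            kind, _, value = item.strip().partition("::")
            if kind == "Detect" and value.isdigit():
                triggers[int(value)] = vid
    return triggers

def unmatched_alerts(alert_text, conf_text):
    """SIDs that Snort alerted on but no enabled violation would trigger on."""
    triggers = enabled_triggers(conf_text)
    return sorted(s for s in alert_sids(alert_text) if s not in triggers)
```

On the constructed data, SID 1000002 is reported: Snort alerts on it, but its only violation is disabled, so nothing would be triggered.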
