Can you post your pf.conf? Did you set a monitor interface?

Fabrice

On 2014-01-22 08:56, Carlos Alonso wrote:
> Yes I did.
>
> root@nac:~# cat /usr/local/pf/conf/pf.conf
> ...
> #
> # trapping.detection
> #
> # Enables snort-based worm detection. If you don't have a span interface available, don't bother enabling it. If you do,
> # you'll most definately want this on.
> detection=enabled
> #
>
> ...
>
> That's why pfdetect starts, but I don't know why snort doesn't
>
>
>> Hello Carlos,
>> did you enable detection in configuration -> Trapping?
>>
>> Regards
>> Fabrice
>>
>> I am using PacketFence 4.1 in Debian wheezy. Snort-based worm
>> detection is enabled but packetfence doesn't start snort.
>> The rules are up to date in /usr/local/pf/conf/snort
>>
>> This is what I have tried:
>>
>> root@nac:~# ls -l /usr/sbin/snort
>> -rwxr-xr-x 1 root root 1334992 ago 8 2012 /usr/sbin/snort
>> root@nac:~# /usr/local/pf/bin/pfcmd service pfdetect status
>> service|shouldBeStarted|pid
>> pfdetect|1|5893
>> root@nac:~# /usr/local/pf/bin/pfcmd service snort status
>> service|shouldBeStarted|pid
>> snort|0|0
>> root@nac:~# /usr/local/pf/bin/pfcmd service snort start
>> service|command
>> memcached|already started
>> httpd.admin|already started
>> root@nac:~# /usr/local/pf/bin/pfcmd service snort status
>> service|shouldBeStarted|pid
>> snort|0|0
>>
>> There are no logs about snort in any file in /var/log/* or
>> /usr/local/pf/logs/* so I don't know what to do
>>
>> Is there anything that I am missing?
>>
>> Thank you
>>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
