Hello Carlos,

Can you see if Snort can start when you run it by hand?

/usr/local/bin/snort -d -i eth1 -u root -g snort -c /etc/snort/snort.conf -l /var/log/snort

regards,
Loick

--
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
gtalk or skype : lpelet.inverse

On Jan 22, 2014, at 11:25 AM, Fabrice DURAND <[email protected]> wrote:

> Can you post your pf.conf, did you set a monitor interface?
>
> Fabrice
>
> On 2014-01-22 08:56, Carlos Alonso wrote:
>> Yes I did.
>>
>> root@nac:~# cat /usr/local/pf/conf/pf.conf
>> ...
>> #
>> # trapping.detection
>> #
>> # Enables snort-based worm detection. If you don't have a span interface
>> available, don't bother enabling it. If you do,
>> # you'll most definately want this on.
>> detection=enabled
>> #
>>
>> ...
>>
>> That's why pfdetect starts, but I don't know why snort doesn't
>>
>>
>>> Hello Carlos,
>>> did you enable detection in configuration -> Trapping?
>>>
>>> Regards
>>> Fabrice
>>>
>>> I am using PacketFence 4.1 in Debian wheezy. Snort-based worm
>>> detection is enabled but packetfence doesn't start snort.
>>> The rules are up to date in /usr/local/pf/conf/snort
>>>
>>> This is what I have tried:
>>>
>>> root@nac:~# ls -l /usr/sbin/snort
>>> -rwxr-xr-x 1 root root 1334992 ago 8 2012 /usr/sbin/snort
>>> root@nac:~# /usr/local/pf/bin/pfcmd service pfdetect status
>>> service|shouldBeStarted|pid
>>> pfdetect|1|5893
>>> root@nac:~# /usr/local/pf/bin/pfcmd service snort status
>>> service|shouldBeStarted|pid
>>> snort|0|0
>>> root@nac:~# /usr/local/pf/bin/pfcmd service snort start
>>> service|command
>>> memcached|already started
>>> httpd.admin|already started
>>> root@nac:~# /usr/local/pf/bin/pfcmd service snort status
>>> service|shouldBeStarted|pid
>>> snort|0|0
>>>
>>> There are no logs about snort in any file in /var/log/* or
>>> /usr/local/pf/logs/* so I don't know what to do
>>>
>>> Is there anything that I am missing?
>>>
>>> Thank you
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
