Re: [PacketFence-users] snort doesn't start PF4.1 Debian

Wed, 05 Feb 2014 09:32:53 -0800 

Hi Sampath,

Try this patch and let me know if it works

https://github.com/inverse-inc/packetfence/commit/d0de4fa74b58e70de6941f9a871198be8ccbe13f.diff



James Rouzier
[email protected] :: +1.514.755.3630  ::  http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://www.packetfence.org)

On 2/5/2014, 6:21 AM, sampath jayashantha wrote:
Any update regarding this issue ? I'm also having the same issue with my packetfence box. 

service|shouldBeStarted|pid
memcached|1|11287
httpd.admin|1|11297
httpd.webservices|1|11340
httpd.portal|1|11357
httpd.proxy|0|0
pfdns|1|11387
dhcpd|1|11390
pfdetect|1|11395
snort|0|0
suricata|0|0
radiusd|1|0
snmptrapd|1|11400
pfsetvlan|1|11404
pfdhcplistener|1|11427 11428 11429
pfmon|1|11468


How to enable it ? Any clue.
On Tue, Jan 28, 2014 at 8:44 PM, Carlos Alonso <[email protected] <mailto:[email protected]>> wrote: 

      Thank your for your help. These are the answers to your questions


    > Can you post your pf.conf , did you set a monitor interface ?
    >
    > Fabrice
    Yes I did. The inline interface is also the monitor interface.
    This what
    I did in PF3.6 and worked perfectly
    Is this not posible in PF4.1 ? I have not upgraded, It is a new
    installation though.

    XXXX means hidden for security

    [general]
    domain=XXXX
    hostname=nac
    dnsservers=XXXX
    dhcpservers=192.168.18.1,192.168.19.1,192.168.20.1
    locale=es_ES
    timezone=Europe/Madrid
    [trapping]
    range=10.0.0.0/16 <http://10.0.0.0/16>, 192.68.0.0/16
    <http://192.68.0.0/16>
    detection=enabled
    interception_proxy=enabled
    [registration]
    button_text=Registro
    [alerting]
    emailaddr=XXXX
    smtpserver=XXXX
    [database]
    pass=XXXX
    [captive_portal]
    network_detection=disabled

    [interface eth0.802]
    ip= XXXX
    type=management
    mask=255.255.255.0

    [interface eth0.818]
    enforcement=inline
    ip=192.168.18.1
    type=internal,monitor
    mask=255.255.255.0

    [interface eth0.819]
    enforcement=vlan
    ip=192.168.19.1
    type=internal
    mask=255.255.255.0

    [interface eth0.820]
    enforcement=vlan
    ip=192.168.20.1
    type=internal
    mask=255.255.255.0


    > Can you see if Snort can start when you run it by hand?
    >
    > /usr/local/bin/snort -d -i eth1 -u root -g snort -c
    /etc/snort/snort.conf -l
    > /var/log/snort

    If I run it by hand it works:
     >/usr/sbin/snort -d -i eth0.818 -u root -g snort -c
    /etc/snort/snort.conf -l /var/log/snort/
    ...
             --== Initialization Complete ==--

        ,,_     -*> Snort! <*-
       o"  )~   Version 2.9.2.2 IPv6 GRE (Build 121)
        ''''    By Martin Roesch & The Snort Team:
    http://www.snort.org/snort/snort-team
                Copyright (C) 1998-2012 Sourcefire, Inc., et al.
                Using libpcap version 1.3.0
                Using PCRE version: 8.30 2012-02-04
                Using ZLIB version: 1.2.7

                Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15
    <Build 18>
                Preprocessor Object: SF_SMTP (IPV6)  Version 1.1 <Build 9>
                Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1
    <Build 1>
                Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1
    <Build 4>
                Preprocessor Object: SF_IMAP (IPV6)  Version 1.0 <Build 1>
                Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1 <Build 1>
                Preprocessor Object: SF_SSH (IPV6)  Version 1.1 <Build 3>
                Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0
    <Build 3>
                Preprocessor Object: SF_SDF (IPV6)  Version 1.1 <Build 1>
                Preprocessor Object: SF_DNS (IPV6)  Version 1.1 <Build 4>
                Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1
    <Build 1>
                Preprocessor Object: SF_POP (IPV6)  Version 1.0 <Build 1>
                Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2
    <Build 13>
                Preprocessor Object: SF_GTP (IPV6)  Version 1.1 <Build 1>
                Preprocessor Object: SF_SIP (IPV6)  Version 1.1 <Build 1>
    Commencing packet processing (pid=2481)






    
------------------------------------------------------------------------------
    WatchGuard Dimension instantly turns raw network data into actionable
    security intelligence. It gives you real-time visual feedback on key
    security issues and trends.  Skip the complicated setup - simply
    import
    a virtual appliance and go from zero to informed in seconds.
    http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
    _______________________________________________
    PacketFence-users mailing list
    [email protected]
    <mailto:[email protected]>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
..........................................................................................

There is always some one who know more Than us out there.

Wê Lïvê +ð §hårê : Wê Lðvê +ð §hårê



SAM


------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to