sampath,
Can you run the following commands and send me the output
/usr/sbin/service snortd status
/usr/local/pf/bin/pfcmd service snortd status
James
James Rouzier
[email protected] :: +1.514.755.3630 :: http://www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://www.packetfence.org)
On 2/6/2014, 12:39 AM, sampath jayashantha wrote:
Sorry James,
My mistake. Patching Done successfully. When i start packetfence i can
see that snort is running with commend service snortd status.
But packetfence status show it as
service|shouldBeStarted|pid
memcached|1|16013
httpd.admin|1|16023
httpd.webservices|1|16046
httpd.portal|1|16063
httpd.proxy|0|0
pfdns|1|16093
dhcpd|1|16096
pfdetect|1|16101
snort|1|0
suricata||0
radiusd|1|0
snmptrapd|1|16112
pfsetvlan|1|16116
pfdhcplistener|1|16138 16139 16140
pfmon|1|16165
Is it Normal ????
On Wed, Feb 5, 2014 at 4:51 PM, sampath jayashantha
<[email protected] <mailto:[email protected]>> wrote:
Any update regarding this issue ? I'm also having the same issue
with my packetfence box.
service|shouldBeStarted|pid
memcached|1|11287
httpd.admin|1|11297
httpd.webservices|1|11340
httpd.portal|1|11357
httpd.proxy|0|0
pfdns|1|11387
dhcpd|1|11390
pfdetect|1|11395
snort|0|0
suricata|0|0
radiusd|1|0
snmptrapd|1|11400
pfsetvlan|1|11404
pfdhcplistener|1|11427 11428 11429
pfmon|1|11468
How to enable it ? Any clue.
On Tue, Jan 28, 2014 at 8:44 PM, Carlos Alonso <[email protected]
<mailto:[email protected]>> wrote:
Thank your for your help. These are the answers to your questions
> Can you post your pf.conf , did you set a monitor interface ?
>
> Fabrice
Yes I did. The inline interface is also the monitor interface.
This what
I did in PF3.6 and worked perfectly
Is this not posible in PF4.1 ? I have not upgraded, It is a new
installation though.
XXXX means hidden for security
[general]
domain=XXXX
hostname=nac
dnsservers=XXXX
dhcpservers=192.168.18.1,192.168.19.1,192.168.20.1
locale=es_ES
timezone=Europe/Madrid
[trapping]
range=10.0.0.0/16 <http://10.0.0.0/16>, 192.68.0.0/16
<http://192.68.0.0/16>
detection=enabled
interception_proxy=enabled
[registration]
button_text=Registro
[alerting]
emailaddr=XXXX
smtpserver=XXXX
[database]
pass=XXXX
[captive_portal]
network_detection=disabled
[interface eth0.802]
ip= XXXX
type=management
mask=255.255.255.0
[interface eth0.818]
enforcement=inline
ip=192.168.18.1
type=internal,monitor
mask=255.255.255.0
[interface eth0.819]
enforcement=vlan
ip=192.168.19.1
type=internal
mask=255.255.255.0
[interface eth0.820]
enforcement=vlan
ip=192.168.20.1
type=internal
mask=255.255.255.0
> Can you see if Snort can start when you run it by hand?
>
> /usr/local/bin/snort -d -i eth1 -u root -g snort -c
/etc/snort/snort.conf -l
> /var/log/snort
If I run it by hand it works:
>/usr/sbin/snort -d -i eth0.818 -u root -g snort -c
/etc/snort/snort.conf -l /var/log/snort/
...
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.2.2 IPv6 GRE (Build 121)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
Copyright (C) 1998-2012 Sourcefire, Inc., et al.
Using libpcap version 1.3.0
Using PCRE version: 8.30 2012-02-04
Using ZLIB version: 1.2.7
Rules Engine: SF_SNORT_DETECTION_ENGINE Version
1.15 <Build 18>
Preprocessor Object: SF_SMTP (IPV6) Version 1.1
<Build 9>
Preprocessor Object: SF_REPUTATION (IPV6) Version
1.1 <Build 1>
Preprocessor Object: SF_SSLPP (IPV6) Version 1.1
<Build 4>
Preprocessor Object: SF_IMAP (IPV6) Version 1.0
<Build 1>
Preprocessor Object: SF_DNP3 (IPV6) Version 1.1
<Build 1>
Preprocessor Object: SF_SSH (IPV6) Version 1.1
<Build 3>
Preprocessor Object: SF_DCERPC2 (IPV6) Version
1.0 <Build 3>
Preprocessor Object: SF_SDF (IPV6) Version 1.1
<Build 1>
Preprocessor Object: SF_DNS (IPV6) Version 1.1
<Build 4>
Preprocessor Object: SF_MODBUS (IPV6) Version 1.1
<Build 1>
Preprocessor Object: SF_POP (IPV6) Version 1.0
<Build 1>
Preprocessor Object: SF_FTPTELNET (IPV6) Version
1.2 <Build 13>
Preprocessor Object: SF_GTP (IPV6) Version 1.1
<Build 1>
Preprocessor Object: SF_SIP (IPV6) Version 1.1
<Build 1>
Commencing packet processing (pid=2481)
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into
actionable
security intelligence. It gives you real-time visual feedback
on key
security issues and trends. Skip the complicated setup -
simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
..........................................................................................
There is always some one who know more Than us out there.
Wê Lïvê +ð §hårê : Wê Lðvê +ð §hårê
SAM
--
..........................................................................................
There is always some one who know more Than us out there.
Wê Lïvê +ð §hårê : Wê Lðvê +ð §hårê
SAM
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
