I have been unable to get Snort to start and need someone to point me in the
right direction. Here is what I have done up to this point.
Performed a new (clean) install of CentOS 6.5 with all updates applied. Set up
for VLAN enforcement.
Performed the 'yum groupinstall --enablerepo .. Packetfence-complete' install
as per the manual
I downgraded to 'perl-Moose-2.1005' file
Disabled the OS from starting Snort.
Set up eth1 for use as the 'monitor' interface
ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=x.x.x.x
Tested that interface was up via "snort -v -i eth1" .. it is operational
Added eth1 in the pf.conf file manually
not sure if it needs additional info ..
[interface eth1]
type=monitor
Downloaded some rules via the 'update_rules.pl' script in the
'../addons/snort' directory
There are rules in the ../conf/snort directory.
Enabled trapping via "detection-enabled" and set a "trapping range" and set
the engine to "snort"
I applied the patch via another post to the snort.pm file ...
"pf_conf_trapping_engine" because I could not get packetfence to call snort.
It now calls (attempts) to start snort, but I get the following error in my
'/var/log/messages' file
FATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf/snort.conf":
No such file or directory.
Thus, something is missing ... because the 'snort.conf' file does not get
created.
What could be the issue?
Randy
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users