PF Folks,
I have installed snort via yum install snort and enabled detection under the
trapping tab. I then set eth1 to be the monitoring interface. However, I do not
see Snort in the services gui at all and it does appear to be running. I am
running Centos 6.4 and PF 4.1.
Below are my configs for pf.conf and network.conf. Anything suggestions on how
to fix it?
[XXX@XXX]# cat pf.conf
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=XXXX
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in
Apache rewriting rules and therefore must be resolvable by clients.
hostname=XXXX
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow
queries to these servers from even "trapped" nodes.
dnsservers=XX.XXX.10.246
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP
transactions from even "trapped" nodes.
dhcpservers=XX.XXX.10.246
[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will
monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=XX.XXX.11.0/24, XX.XXX.12.0/24, XX.XXX.15.0/24
#
# trapping.detection
#
# Enables snort-based worm detection. If you don't have a span interface
available, don't bother enabling it. If you do,
# you'll most definately want this on.
detection=enabled
[registration]
#
# registration.range
#
#
range=XX.XXX.12.0/24
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with
an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=XXXXX
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=XXXXXXXX
[inline]
#
# inline.interfaceSNAT
# Choose the interface(s) you want to use to enable snat (by default it´s the
management interface)
interfaceSNAT=eth0
[interface eth0.11]
enforcement=inline
ip=XX.XXX.11.249
type=internal
mask=255.255.255.0
gateway=XX.XXX.11.254
[interface eth0.10]
ip=XX.XXX.10.249
type=management
mask=255.255.255.0
gateway=XX.XXX.10.254
[interface eth1]
mask=255.255.0.0
type=monitor
[interface eth0.12]
enforcement=vlan
ip=XX.XXX.12.249
type=internal
mask=255.255.255.0
[interface eth0.13]
enforcement=vlan
ip=XX.XXX.13.249
type=internal
mask=255.255.255.0
-------------------------------------------
[XXX@XXX conf]# cat networks.conf
[XX.XXX.11.0]
dns=XX.XXX.10.246
dhcp_start=XX.XXX.11.10
gateway=XX.XXX.11.249
domain-name=inline.XXXXX.XXX
named=enabled
dhcp_max_lease_time=86400
dhcpd=enabled
type=inline
netmask=255.255.255.0
dhcp_end=XX.XXX.11.246
dhcp_default_lease_time=86400
[XX.XXX.12.0]
dns=XX.XXX.12.249
dhcp_start=XX.XXX.12.10
gateway=XX.XXX.12.249
domain-name=vlan-registration.XXXXX.XXX
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=XX.XXX.12.246
dhcp_default_lease_time=30
[XX.XXX.13.0]
dns=XX.XXX.13.249
dhcp_start=XX.XXX.13.10
gateway=XX.XXX.13.249
domain-name=vlan-isolation.XXXXX.XXX
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=XX.XXX.13.246
dhcp_default_lease_time=30
Very Respectfully,
Jason
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
