OK I'm being dense here, but the manual isn't helping me. This is PF 4.1.0 under Ubuntu 12.04 LTS.
I want to start snort. I've done # apt-get install snort and it's running with default debian config for snort and oinkmaster. This gives snort 2.9.2. It writes alerts into /var/log/snort/alert, and it works. Presumably I need to stop it and let PF start it with its own config. However, as far as PacketFence is concerned, it doesn't seem to want to start it. * snort service is not listed as a service in the web UI (Status > Services) * command line says it should not be started # bin/pfcmd service snort status service|shouldBeStarted|pid snort|0|0 * no snort configs have been expanded to /usr/local/pf/var/conf/ Now, I have gone to the GUI and enabled Trapping > Detection. I have also created a monitor interface in pf.conf: [interface eth1] type=monitor and I've restarted packetfence (service packetfence restart). But no difference: # bin/pfcmd service snort status service|shouldBeStarted|pid snort|0|0 Here's the restart output: # service packetfence restart * Restarting packetfence packetfence service|command httpd.admin|stop httpd.webservices|stop httpd.portal|stop httpd.proxy|already stopped pfdns|stop dhcpd|stop pfdetect|stop snort|already stopped suricata|already stopped radiusd|stop snmptrapd|stop pfsetvlan|stop pfdhcplistener|stop pfmon|stop memcached|stop service|command memcached|start httpd.admin|start Checking configuration sanity... httpd.webservices|start httpd.portal|start pfdns|start Internet Systems Consortium DHCP Server 4.1-ESV-R4 Copyright 2004-2011 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 1 leases to leases file. Listening on LPF/eth0.6/52:54:00:29:e2:f8/10.10.3.0/24 Sending on LPF/eth0.6/52:54:00:29:e2:f8/10.10.3.0/24 Listening on LPF/eth0.5/52:54:00:29:e2:f8/10.10.2.0/24 Sending on LPF/eth0.5/52:54:00:29:e2:f8/10.10.2.0/24 Listening on LPF/eth0.9/52:54:00:29:e2:f8/10.10.12.0/22 Sending on LPF/eth0.9/52:54:00:29:e2:f8/10.10.12.0/22 Sending on Socket/fallback/fallback-net dhcpd|start pfdetect|start radiusd|start snmptrapd|start pfsetvlan|start pfdhcplistener|start pfmon|start I've also checked that Configuration > Services > snort path, which is /usr/sbin/snort, is correct. # ls -l /usr/sbin/snort -rwxr-xr-x 1 root root 1338260 Feb 14 2012 /usr/sbin/snort and named pipe /usr/local/pf/var/alert does exist. Still no snort configs under /usr/local/pf/var/conf I'm a bit stuck now... Thanks, Brian. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
