Hi Brian,

First you need to define a line detection=enabled in pf.conf under the
[trapping] section. Then, in either pf.conf.defaults or pf.conf, you should
create a line snort=enabled under [services]. Then you need to apply a
couple of patches; this had me working around it for the past week, and I
found that it was a bug in version 4.1,
https://www.mail-archive.com/[email protected]/msg05709.html,
follow the thread and you can find the couple of solutions. Restart
PacketFence and everything should work now.

Best regards,


On Tue, Mar 25, 2014 at 4:00 PM, Brian Candler <[email protected]> wrote:

> OK I'm being dense here, but the manual isn't helping me. This is PF
> 4.1.0 under Ubuntu 12.04 LTS.
>
> I want to start snort. I've done
>
> # apt-get install snort
>
> and it's running with default debian config for snort and oinkmaster.
> This gives snort 2.9.2. It writes alerts into /var/log/snort/alert, and
> it works. Presumably I need to stop it and let PF start it with its own
> config.
>
> However, as far as PacketFence is concerned, it doesn't seem to want to
> start it.
>
> * snort service is not listed as a service in the web UI (Status >
> Services)
>
> * command line says it should not be started
>
> # bin/pfcmd service snort status
> service|shouldBeStarted|pid
> snort|0|0
>
> * no snort configs have been expanded to /usr/local/pf/var/conf/
>
> Now, I have gone to the GUI and enabled Trapping > Detection. I have
> also created a monitor interface in pf.conf:
>
> [interface eth1]
> type=monitor
>
> and I've restarted packetfence (service packetfence restart). But no
> difference:
>
> # bin/pfcmd service snort status
> service|shouldBeStarted|pid
> snort|0|0
>
> Here's the restart output:
>
> # service packetfence restart
>   * Restarting packetfence packetfence service|command
> httpd.admin|stop
> httpd.webservices|stop
> httpd.portal|stop
> httpd.proxy|already stopped
> pfdns|stop
> dhcpd|stop
> pfdetect|stop
> snort|already stopped
> suricata|already stopped
> radiusd|stop
> snmptrapd|stop
> pfsetvlan|stop
> pfdhcplistener|stop
> pfmon|stop
> memcached|stop
> service|command
> memcached|start
> httpd.admin|start
> Checking configuration sanity...
> httpd.webservices|start
> httpd.portal|start
> pfdns|start
> Internet Systems Consortium DHCP Server 4.1-ESV-R4
> Copyright 2004-2011 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> Wrote 1 leases to leases file.
> Listening on LPF/eth0.6/52:54:00:29:e2:f8/10.10.3.0/24
> Sending on   LPF/eth0.6/52:54:00:29:e2:f8/10.10.3.0/24
> Listening on LPF/eth0.5/52:54:00:29:e2:f8/10.10.2.0/24
> Sending on   LPF/eth0.5/52:54:00:29:e2:f8/10.10.2.0/24
> Listening on LPF/eth0.9/52:54:00:29:e2:f8/10.10.12.0/22
> Sending on   LPF/eth0.9/52:54:00:29:e2:f8/10.10.12.0/22
> Sending on   Socket/fallback/fallback-net
> dhcpd|start
> pfdetect|start
> radiusd|start
> snmptrapd|start
> pfsetvlan|start
> pfdhcplistener|start
> pfmon|start
>
> I've also checked that Configuration > Services > snort path, which is
> /usr/sbin/snort, is correct.
>
> # ls -l /usr/sbin/snort
> -rwxr-xr-x 1 root root 1338260 Feb 14  2012 /usr/sbin/snort
>
> and named pipe /usr/local/pf/var/alert does exist.
>
> Still no snort configs under /usr/local/pf/var/conf
>
> I'm a bit stuck now...
>
> Thanks,
>
> Brian.
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>



-- 
JUAN CAMILO VALENCIA VARGAS
Operations Engineer
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medellín Colombia

*"Choose a job you love, and you will never have to work a day in your
life"*
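
The settings named in this thread can be checked before restarting. The following is an added example, not part of either message and not PacketFence code: it layers pf.conf over pf.conf.defaults (an assumption about how the two files combine) and reports which of the three prerequisites mentioned above are still missing. The sample config text is constructed, and the function names are hypothetical.

```python
import configparser

# Constructed sample inputs; values are illustrative, not the shipped defaults.
SAMPLE_DEFAULTS = """
[trapping]
detection=disabled

[services]
snort=disabled
"""

# Constructed site config mirroring the question: detection enabled and a
# monitor interface defined, but no snort=enabled under [services].
SAMPLE_PF_CONF = """
[trapping]
detection=enabled

[interface eth1]
type=monitor
"""

def load_effective(defaults_text, site_text):
    """Layer pf.conf over pf.conf.defaults; values read later win (assumption)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(defaults_text)
    cp.read_string(site_text)
    return cp

def snort_prerequisites(cp):
    """Return the settings from the thread that are not yet in effect."""
    missing = []
    if cp.get("trapping", "detection", fallback="").strip().lower() != "enabled":
        missing.append("[trapping] detection=enabled")
    if cp.get("services", "snort", fallback="").strip().lower() != "enabled":
        missing.append("[services] snort=enabled")
    monitors = [s for s in cp.sections()
                if s.startswith("interface ")
                and "monitor" in cp.get(s, "type", fallback="").lower()]
    if not monitors:
        missing.append("[interface <name>] type=monitor")
    return missing

if __name__ == "__main__":
    effective = load_effective(SAMPLE_DEFAULTS, SAMPLE_PF_CONF)
    for item in snort_prerequisites(effective):
        print("missing:", item)
```

An empty result only confirms the configuration side; the reply above also calls for patches for the 4.1 bug.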