> On Feb 24, 2016, at 10:08 , Nathan, Josh <[email protected]> wrote:
>
> Thanks for the reply Louis! I actually ended up having to use the
> /usr/local/pf/var/conf/snort.conf file as it didn't like the variables, etc,
> in the pre-processed version.
>
That is actually my mistake.
The path really should be the one under var/conf/.
> It is NOT showing any bittorrent activity.
>
> I'm sorry to say that I'm not sure where to look to figure out why it's not
> working. I guess I've relied too much on it working "out of the box". Where
> should I start for figuring out why Snort isn't detecting bittorrents?
>
Make sure traffic is actually forwarded to the interface that snort is
listening to.
Does snort show actual packets being seen and counted in its statistics?
The way I handle these issues usually is to start with a fake known signature.
Something along the lines of
    alert icmp any any -> any any ( msg: "ICMP packet detected!"; sid: 1; )
added to the local rules under conf/snort/
Should detect any ICMP packet seen by the interface.
You could then ping your gateway and (assuming that traffic is forwarded to
snort) it should detect it.
That would demonstrate that rules processing is actually working.
It’s then a matter of making sure you have a rule to match bittorrent.
Check your snort.conf to see which rules are included.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
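
The last two checks in the reply above (which rule files snort.conf includes, and whether any enabled rule matches bittorrent) can be scripted. This is an added example, not part of the original thread or of PacketFence; it assumes Snort 2-style `var` and `include` lines, and the function names and sample config tree are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

VAR = re.compile(r'^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)')
INCLUDE = re.compile(r'^\s*include\s+(\S+\.rules)\s*$')
ACTIVE_RULE = re.compile(r'^\s*(?:alert|log|pass|drop|reject|sdrop)\s')
MSG = re.compile(r'msg\s*:\s*"([^"]*)"')
SID = re.compile(r'\bsid\s*:\s*(\d+)')

def included_rule_files(conf_path):
    """Resolve every uncommented 'include <x>.rules' line of a Snort 2 config."""
    conf, variables, files = Path(conf_path), {}, []
    for line in conf.read_text().splitlines():
        if (m := VAR.match(line)):
            variables[m.group(1)] = m.group(2)
        elif (m := INCLUDE.match(line)):
            path = re.sub(r'\$(\w+)', lambda v: variables.get(v.group(1), v.group(0)), m.group(1))
            # Assumption: relative paths are resolved against snort.conf's directory.
            files.append(conf.parent / path)
    return files

def find_active_rules(conf_path, keyword):
    """Return (missing_files, hits); hits are (file, sid, msg) of enabled rules only."""
    missing, hits = [], []
    for rules in included_rule_files(conf_path):
        if not rules.is_file():
            missing.append(rules.name)
            continue
        for line in rules.read_text().splitlines():
            msg = MSG.search(line)
            if ACTIVE_RULE.match(line) and msg and keyword.lower() in msg.group(1).lower():
                sid = SID.search(line)
                hits.append((rules.name, int(sid.group(1)) if sid else None, msg.group(1)))
    return missing, hits

def demo():
    """Run the check on a constructed config tree (sample data, not from the thread)."""
    root = Path(tempfile.mkdtemp())
    (root / 'rules').mkdir()
    (root / 'snort.conf').write_text(
        'var RULE_PATH rules\ninclude $RULE_PATH/local.rules\n'
        'include $RULE_PATH/p2p.rules\n'
        '# include $RULE_PATH/policy.rules\n'
        'include $RULE_PATH/missing.rules\n')
    (root / 'rules' / 'local.rules').write_text(
        'alert icmp any any -> any any (msg:"ICMP packet detected!"; sid:1000001;)\n')
    (root / 'rules' / 'p2p.rules').write_text(
        '# alert tcp any any -> any any (msg:"P2P BitTorrent announce"; sid:1000002;)\n'
        'alert tcp any any -> any any (msg:"P2P BitTorrent transfer"; sid:1000003;)\n')
    return find_active_rules(root / 'snort.conf', 'bittorrent')
```

Calling `find_active_rules('/usr/local/pf/var/conf/snort.conf', 'bittorrent')` runs the same check against the config file named in the thread; an empty hit list means no enabled rule in the included files mentions bittorrent.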