Hi Alex,
Thanks for taking the time to look at my config. Below is the pf.conf
output. If you need to view any other files just let me know and I'll post
them. Thanks again.
[interface eth1]
enforcement=inline
ip=10.250.0.10
type=internal,monitor
mask=255.255.248.0
[interface eth0]
Alex,
After issuing the /etc/init.d/snort status, i receive the following.
*root@packetfence:~# /etc/init.d/snort status*
*Status of snort daemon(s): eth1 OK.*
*root@packetfence:~#*
So it seems that snort is running. Also, below is the output to
/var/log/messages and
Greetings,
I don't think these questions are new, but I can't seem to find anything via
Google, so my apologies if you've seen these before.
We have a fairly large MPLS based network with a significant number of edge
VLANs. I have 802.1x and MAB working already, so my next step is captive
Hello,
Am running packetfence on CentOS and alot of snort info gets logged to
/var/log/messages am not sure if this is just a Debian thing that the
messages log are clean.
One other test we could do is eliminate your switch and just plug the
LAN cable from the server directly into your laptop.
I didn't read the entire thread, but how do you send the traffic to the
SNORT box? Are you using a SPAN port?
Just listening on the VLAN is not sufficient if your device is not the
gateway.
On 2013-05-07 11:01 AM, Joe Arcidiacono wrote:
Alex,
After issuing the /etc/init.d/snort status, i