Ok so now can you check if there is something in
/usr/local/pf/logs/pfdetect.log ?
On 2015-02-20 05:43, Rosario Ippolito wrote:
Ok Fabrice, now I can see the alert for the rule alert tcp any any any
80 (msg: Test rule; sid: 101;) , but PacketFence is doing nothing with
this violation
Telephone: (514) 920-2511
Hewlett-Packard Company
2344 Alfred-Nobel, 2e étage
Montréal, QC, H4S 0A4
Canada
[HP]http://www.hp.com/
From: Rosario Ippolito [mailto:sarrus.ippol...@gmail.com]
Sent: Thursday, February 19, 2015 7:47 AM
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users
Hello everybody PacketFence's users,
I have to ask some questions about Snort (Version 2.9.1.2) in PacketFence
4.6, deployed in out-of-band (Vlan Enforcement) mode. I have followed the
Guide step by step, so:
1- I have enabled detection and select Snort as detection engine.
2- I have configured
Ok so this must be fixed before trying to make pfdetect work with snort.
It should work but can you try to remove the alert file and restart
snort and check with cat what appears inside (you probably have to wait
until a detection occurs).
If the alert file is not there then touch alert (or mkfifo
Ok, thanks a lot Fabrice! I'll try and let you know.
Kind Regards,
Rosario Ippolito
2015-02-19 16:22 GMT+01:00 Fabrice DURAND fdur...@inverse.ca:
Ok so this must be fixed before trying to make pfdetect work with snort.
It should work but can you try to remove the alert file and restart
snort
I mean rules in snort , not in violations.conf
On 2015-02-19 11:28, Rosario Ippolito wrote:
Ok, I will enable all violations from violations.conf and I will let you
know! Thank you again for your support Fabrice!
Best Regards,
Rosario
2015-02-19 17:20 GMT+01:00 Fabrice DURAND
Ok so to be sure that snort works let's enable all the rules in snort
and restart it and do a cat on the alert file (or tail -f )
On 2015-02-19 11:09, Rosario Ippolito wrote:
This is the output from lsof /usr/local/pf/var/alert
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Ok, I will enable all violations from violations.conf and I will let you know!
Thank you again for your support Fabrice!
Best Regards,
Rosario
2015-02-19 17:20 GMT+01:00 Fabrice DURAND fdur...@inverse.ca:
Ok so to be sure that snort works let's enable all the rules in snort
and restart it and do a
Hello Rosario,
snort is supposed to send the alert in this file /usr/local/pf/var/alert,
does it contain something?
Regards
Fabrice
On 2015-02-19 07:47, Rosario Ippolito wrote:
Hello everybody PacketFence's users,
I have to ask some questions about Snort (Version 2.9.1.2) in
PacketFence
Ok, I can remember exactly but if you do a cat on this file:
cat /usr/local/pf/var/alert
do you see something ?
Regards
Fabrice
On 2015-02-19 09:47, Rosario Ippolito wrote:
Hello Fabrice,
thanks for the quick response! I had already tried to see that file,
sorry, but I can not open it.
Hello Fabrice,
thanks for the quick response! I had already tried to see that file, sorry, but
I can not open it. May I delete it and create a new one? (Maybe the file is
corrupted)
2015-02-19 15:35 GMT+01:00 Fabrice DURAND fdur...@inverse.ca:
Hello Rosario,
snort is supposed to send the