Skip to main content

Thread: SNORT on only one interface?

-

i have installed snort repository, , installed acidbase , have working , functional. ids sitting behind asa firewall, listening nic in promisc mode, connected spanned port on asa. other main nic connected internal network, remote administration , other monitoring. snort generating lots of "alerts" on internal network don't care see @ point in time.

go ensure snort active on listening interface? poked around in /etc/init.d/snort , snort.conf, not sure look. have change home_net match ip range of interface listening on? mean traffic want see outside traffic website behind firewall. hoping there way start snort flag enables listening on interface choose. appreciated!

well think found need create new "sensor" maybe? looking in acidbase pages, see there's 1 configured in /acidbase/base_stat_sensor.php, , it's bound internal interface. i'll dig through snort pages , see if can find anything, in meantime if can chime in i'll watching!

#edit#

what did, using base, start 2 instances of snort , vary "-i " parameter on command line, , used same snort.conf each. neither sensor id nor the interface mentioned anywhere in snort.conf. new sensor ids automatically generated, , base can distinguish between them fine. 1 database needed, , 1 base instance needed. alerts displayed intermixed, fine me. details show sensor, source , dest ip, etc, involved. of course, if want separate them using separate databases can.
i found while trawling intarwebz. looks since need 1 interface listening, need find out edit startup options created when installed repository. other tutorials have me setting source, i'd stay packages since makes upgrading in future less hassle.


Forum The Ubuntu Forum Community Ubuntu Official Flavours Support General Help [ubuntu] SNORT on only one interface?


Ubuntu

Comments

Post a Comment

Popular posts from this blog

Joomla site hacked, cant see front and - Joomla! Forum - community, help and support

-
hi all; here thing: i went see site because haven't visited week or 2 , surprised when saw white page some provocation written on tab , acronym of attacker on page. i log on ftp server see if files there , found vital data remind safe. i tried put site off line got same hackers index.html file displaying when press "preview" button in joomla admin. deleted index.html file , tried check offline site option again. time got offline page. but problem resumes when put site online... white page, nothing else written. site date, , joomla updated v. 1.5.10 few days back. virtuemart commponent installed, newest v. 1.1.3 do need install fresh joomla copy , overwrite files previous including data base, or can avoid job fixing index.html on front end. i didn't make backup copy of site, i'll if not working save date in case potential hacker delete server... any suggestions? check template index.html file (edit html in template manager active template) usual source of hacking...
Read more

Christian Home School Programs - Joomla! Forum - community, help and support

-
Image
hello guys, (my first custom template) i got son in accelerated christian home school program. they did not have web site designing , hosting cover fees in trade. website: christian home school programs i've not got content published... the graphics imagination i've installed jumi i have directphp installed mostly custom css layout , i've used css purity seo, christian home shool - 200 million+ organics i have optimized code behind visual design crawlers. any thoughts / recommendations? i'm new custom templating in joomla ears open gurus of joomla richard hey, well done on first custom template. i don't background... @ all. think should going more professional look, maybe isnt repeating on both x , y axis, , isnt shade of blue. as far content goes, there isnt much... site performance good. good luck tim Board index Joomla! Official Sites & Infrastructure Sites & Infrastructure - Feedback/Information ...
Read more

Trouble with PF_OutFlag_I_USE_AUDIO and PF_CHECKOUT_LAYER_AUDIO

-
i trying render graphical representation of layer's audio waveform. have seen this similar thread , problem checking out audio, cannot far.   in globalsetup function set out_flags thus..   out_data-> out_flags = pf_outflag_i_use_audio;   but in pf_cmd_frame_setup function, , pf_cmd_render function ( pf_cmd_smart_pre_render pf_cmd_smart_render)   the pf_indata src_snd structure empty , in_data->start_sampl == 0, in_data->dur_sampl == 0, in_data->total_sampl == 0     i missing something, appreciate guidance,   thanks   steve (london, uk - adobe plugin developers nearby?) More discussions in After Effects SDK adobe
Read more