Snort mailing list archives

Re: snortsam iptables plugin


From: Frank Knobbe <frank () knobbe us>
Date: Sun, 02 Jan 2005 10:16:23 -0600

On Sun, 2005-01-02 at 15:26 +0200, Huseyin A. Ozbey wrote:
> I have problems using snort with the snortsam iptables plugin. When I
> patch snort, it says “Patching Snort version 2.0...”, does it mean I
> couldn’t use snort-2.3.0RC2?

Nope, no problem there. It should probably read 2.x ... I'll fix that
shortly. :)   Your Snort is patched correctly.

> I have attached the files, snort.conf, snortsam.conf and
> sid-block.map. Would you please help me why I couldn’t see any command
> in the FORWARD chain.

Don't know much about iptables, but I'll try. In your snortsam.conf you
have:
 iptables eth0 /var/log/syslog.info
This should probably be:
 iptables eth0 syslog.info  
It doesn't point to a file, but just lists the log facility and level.

I noticed that both Snort and Snortsam are running on the same host. In
that case you also want to add:
 disableseqnocheck

Further, since it's Linux and a lot of Linux machines appear to have
problems with multi-threading, add:
 nothreads
That seems to cure a lot of problems on Linux boxes.


Hope that helps,
Frank
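
An added example, not part of the original message and not Snortsam code: a small linter that applies the three checks from the reply above to a snortsam.conf. The function name, the sample file contents and the assumption that `#` starts a comment are illustrative.

```python
import re

# Constructed sample resembling the configuration discussed in the thread.
SAMPLE_CONF = """\
# snortsam.conf (constructed sample)
iptables eth0 /var/log/syslog.info
"""

# The reply describes the third field as "facility.level", e.g. syslog.info.
FACILITY_LEVEL = re.compile(r"^[a-z0-9]+\.[a-z]+$", re.IGNORECASE)


def lint_snortsam_conf(text, same_host=True, linux=True):
    """Return (line_number, message) findings; line 0 means 'whole file'."""
    findings = []
    keywords = set()
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        keyword = fields[0].lower()
        keywords.add(keyword)
        if keyword == "iptables" and len(fields) >= 3:
            log_arg = fields[2]
            # A path such as /var/log/syslog.info is the mistake from the thread.
            if "/" in log_arg or not FACILITY_LEVEL.match(log_arg):
                findings.append((number,
                                 f"iptables log argument {log_arg!r} should be "
                                 "facility.level (e.g. syslog.info), not a file"))
    if same_host and "disableseqnocheck" not in keywords:
        findings.append((0, "Snort and Snortsam share a host: add disableseqnocheck"))
    if linux and "nothreads" not in keywords:
        findings.append((0, "Linux host: add nothreads"))
    return findings


if __name__ == "__main__":
    for number, message in lint_snortsam_conf(SAMPLE_CONF):
        print(f"line {number}: {message}" if number else f"file: {message}")
```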
