Re: Snort and Proxmox

[Jeremy Hoel <jthoel () gmail com>]

You should start with running TCPdump on the listening interface on
the snort box to make sure it's seeing the packets you expect it to
see.



On Mon, Jan 28, 2013 at 5:12 PM, Josh Bitto <jbitto () onlineschool ca> wrote:
> Hello Everyone,
>
>
>
> I’m new on using snort and I’m needing to lean on your expertise. We’ve
> decided to use snort on our network and in doing so I’ve setup a small test
> lab away from the actual network to see how this IDS works. So here’s the
> problem…..I can’t get snort to show any logs. I want to be able to see if
> it’s actually working or not.
>
>
>
> I set up a stand-alone server with proxmox on it.
>
>
>
> Created 2 VM’s
>
>
>
> One is Pfsense
>
> The other is just a xp machine.
>
>
>
> In proxmox interface.conf looks like this.
>
>
>
> Config looks like this:
>
> Auto lo
>
> Iface lo inet loopback
>
>
>
> Auto VMbr0
>
> Iface vmbr0 inet static
>
>                 Address 192.168.3.15
>
>                 Netmask  255.255.252.0
>
>                 Gateway 192.168.1.1
>
>                 Bridge_ports eth0
>
>                 Bridge_stp off
>
>                 Bridge_fd 0
>
>
>
> Auto vmbr1
>
> Iface vmbr1 inet manual
>
>                 Bridge_ports eth1
>
>                 Bridge_stp off
>
>                 Bridge_fd 0
>
>
>
>
>
> I did everything to spec in pfsense….its pretty straight forward.
>
> 1.       Setup the interface on pfsense to match in proxmox
>
> 2.       Downloaded the snort package
>
> 3.       Obtained a oinkmaster code
>
> 4.       Created the WAN interface in snort.
>
> 5.       Checked ALL the rules to activate them.
>
> 6.       Even restarted both pfsense and the snort service.
>
>
>
> I just for some reason can’t get the darn thing to log events….as a test. I
> activated teamviewer rules and tried to block an event and couldn’t get it
> to do that. So my thinking is….Its somewhere at the interface. I just don’t
> know what I need to do. Any help would be greatful!
>
>
>
>
>
>
>
> Josh
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!