-
November 22nd, 2004, 05:25 AM
#1
Member
Help with snort & barnyard
iv'e been trying to get snort and barnyard to work properly over ppp0. The problem is that it doesnt output anything to the log file.
My plan is to have snort monitor ppp0 for intrusions and allow hosts to connect over eth0 to view the logs
Setup
--------
slackware with snort, barnyard and acid
eth0 - local network
ppp0 - internet
mysql and http are bound to eth0
firewall is turned off
when i run
$snort -c /etc/snort/snort.conf -i ppp0 -g nogroup -D
$barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.log
i dont get anything in /var/log/snort
but when i tell it to listen to eth0 everything works fine
i have tried fiddling with the config files, but still no luck
eg: in snort.conf
var HOME_NET any (also tried 192.168.0.0/24)
var EXTERNAL_NET any
eg: in barnyard.conf
config interface: ppp0
can anyone elighten me on what program should be listening on what interface
the way i see it is that snort and barnyard should listen on ppp0 and mysql and http are on eth0
any ideas??? thanks.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|