Derek, yes it's a separate unit. FreeBSD 10.2 with Suricata running on it. No special suite of software. It's just the Suricata install.

-----Original Message-----
From: packetfence-users-requ...@lists.sourceforge.net [mailto:packetfence-users-requ...@lists.sourceforge.net]
Sent: Tuesday, October 13, 2015 10:53 AM
To: packetfence-users@lists.sourceforge.net
Subject: PacketFence-users Digest, Vol 90, Issue 36

Send PacketFence-users mailing list submissions to
    packetfence-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/packetfence-users
or, via email, send a message with subject or body 'help' to
    packetfence-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
    packetfence-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific than "Re: Contents of PacketFence-users digest..."

Today's Topics:

   1. Re: Suricata alerts to Packet Fence (Derek Wuelfrath)
   2. Re: pfdhcplistener (Derek Wuelfrath)

----------------------------------------------------------------------

Message: 1
Date: Tue, 13 Oct 2015 10:41:05 -0400
From: Derek Wuelfrath <dwuelfr...@inverse.ca>
Subject: Re: [PacketFence-users] Suricata alerts to Packet Fence
To: ML PF <packetfence-users@lists.sourceforge.net>
Message-ID: <6c92c7d1-0d78-42df-be14-410dc28c8...@inverse.ca>
Content-Type: text/plain; charset="utf-8"

Hello Chris,

Are you running Suricata on a separate box (I assume). Are you running it standalone or within a security suite (SecurityOnion per example).

Let me know

Cheers!
dw.

Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> On Oct 9, 2015, at 5:05 PM, Boley, Chris <chrisbo...@cogentrix.com> wrote:
>
> Does anyone happen to know where I can find info on sending suricata alert events over to Packet Fence?
>
> Chris Boley | Network Engineer | Cogentrix Energy Power Management, LLC
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

------------------------------

Message: 2
Date: Tue, 13 Oct 2015 10:52:22 -0400
From: Derek Wuelfrath <dwuelfr...@inverse.ca>
Subject: Re: [PacketFence-users] pfdhcplistener
To: ML PF <packetfence-users@lists.sourceforge.net>
Message-ID: <79229123-87df-4f2f-83ab-3231b5525...@inverse.ca>
Content-Type: text/plain; charset="utf-8"

Hello Chinmay,

I'm looking at it and I'll get back to you.

Cheers!
dw.

Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> On Oct 13, 2015, at 2:17 AM, Chinmay Mahata <chinmay_mah...@rediffmail.com> wrote:
>
> Dear Derek,
> Any thought on my issue.....
>
> Regards,
> --Chinmay
>
> From: "Chinmay Mahata" <chinmay_mah...@rediffmail.com>
> Sent: Fri, 09 Oct 2015 18:13:36
> To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net>
> Subject: Re: [PacketFence-users] pfdhcplistener
>
> Dear Derek,
> Thanks for your quick response. I think I could not describe my problem/query properly.
>
> DHCPD is running on only one interface (eth0) of my PF server, no issue with that.
>
> Actually at the WAN side (upstream) of my PF server there is another DHCP server running (though PF server WAN has static IP). Since pfdhcplistener is running at eth1(WAN) also, in the node (web)page I can see many unregistered nodes of WAN network which I don't want.
>
> I want to see only those nodes in the webpage which are under PF server and who are getting IP addresses from DHCP server running in PF server (on eth0). Hope pfdhcplistener on eth0 only can catch those.
>
> So I want to run only one instance of pfdhcplistener on interface eth0 (pfdhcplistener_eth0). Please let me know how can I do that.
>
> Thanks again Derek.
>
> Regards,
> --Chinmay
>
> From: Derek Wuelfrath <dwuelfr...@inverse.ca>
> Sent: Thu, 08 Oct 2015 22:11:09
> To: ML PF <packetfence-users@lists.sourceforge.net>
> Subject: Re: [PacketFence-users] pfdhcplistener
>
> Chinmay,
>
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, pfdhcplistener_eth1.
>>
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be possible (or it may cause other problem)? Which config item do I need to modify for that?
>
> "pfdhcplistener", as its name says, listens for dhcp packets.
> PacketFence starts a "pfdhcplistener" daemon on each of the required network interfaces (in this case, management and inline).
>
> "pfdhcplistener" is not acting as a DHCP server, dhcpd is. "pfdhcplistener" is only listening to DHCP packet for MAC <-> IP association useful in PacketFence.
>
> If you do a
> ps uafx | grep dhcpd
> you should see the dhcpd daemon running with only eth0 as listening interface.
>
> Cheers!
> dw.
>
> Derek Wuelfrath
> dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>
>> On Oct 8, 2015, at 10:42 AM, Chinmay Mahata <chinmay_mah...@rediffmail.com> wrote:
>>
>> Hi,
>> I have set up packetfence(5.4.0) with inline enforcement having below interface details (LAN: eth0, WAN: eth1).
>>
>> [interface eth0]
>> enforcement=inlinel2
>> type=internal
>>
>> [interface eth1]
>> type=management
>>
>> The packetfence server is working as a DHCP server.
>> I see that two pfdhcplisteners are running: pfdhcplistener_eth0, pfdhcplistener_eth1.
>>
>> But I want to run only one pfdhcplistener viz. pfdhcplistener_eth0. Can it be possible (or it may cause other problem)? Which config item do I need to modify for that?
>>
>> Waiting for your help.
>>
>> Thanks in advance.
>> --Chinmay

------------------------------

End of PacketFence-users Digest, Vol 90, Issue 36
*************************************************