> On Feb 23, 2016, at 3:21 , Nathan, Josh <[email protected]> wrote:
>
> We do get the occasional "Rogue DHCP" alert, so we know Snort is doing
> something... But I don't see any log files that mention any torrent
> activity.

Hi Josh,

That check is not done by snort but by PacketFence itself.
The question for you is then whether snort is actually detecting those
bittorrent connections.
PacketFence can only take action on what snort detects.

Check the following:

1. Is snort actually running? (I know, that sounds daft but it still must be
   checked…)
2. Is snort detecting the bittorrent usage?

You can run snort in debug mode by calling it directly from the command line
without the -D flag, like this:

    # snort -u pf -m 0137 -c /usr/local/pf/conf/snort.conf -i $INTERFACE -N

That should allow you to easily see if it actually detects bittorrent.

Only once you can show that snort is detecting bittorrent is there any point in
looking at the PacketFence configuration.
It then becomes an issue of whether snort is passing along the alerts to
PacketFence, and whether PacketFence is listening correctly for them.

Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users