Thanks for the reply Louis! I actually ended up having to use the
/usr/local/pf/*var*/conf/snort.conf file as it didn't like the variables,
etc, in the pre-processed version.
It is *NOT* showing any bittorrent activity.
I'm sorry to say that I'm not sure where to look to figure out why it's not
working. I guess I've relied too much on it working "out of the box".
Where should I start for figuring out why Snort isn't detecting bittorrents?
Thanks,
Joshua Nathan
Level 3 IT Support and Development
Black Forest Academy
+49 (0) 7626-9161-630
On Tue, Feb 23, 2016 at 4:23 PM, Louis Munro <[email protected]> wrote:
>
>
> On Feb 23, 2016, at 3:21 , Nathan, Josh <[email protected]> wrote:
>
> We do get the occasional "Rogue DHCP" alert, so we know Snort is doing
> *something*... But I don't see any log files that mention any torrent
> activity.
>
>
>
> Hi Josh,
> That check is not done by snort but by PacketFence itself.
>
> The question for you is then whether snort is actually detecting those
> bittorrent connections.
> PacketFence can only take action on what snort detects.
>
> Check the following:
> - Is snort actually running? (I know, that sounds daft but it still must be
>   checked…)
> - Is snort detecting the bittorrent usage?
>
> You can run snort in debug mode by calling it directly from the command
> line without the -D flag, like this:
> # snort -u pf -m 0137 -c /usr/local/pf/conf/snort.conf -i $INTERFACE -N
>
> That should allow you to easily see if it actually detects bittorrent.
>
> Only once you can show that snort is detecting bittorrent is there any
> point in looking at the PacketFence configuration.
> It then becomes an issue of whether snort is passing along the alerts to
> PacketFence, and whether PacketFence is listening correctly for them.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
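A check that fits before the foreground run suggested above, as an added example that is not part of the thread: confirm that the snort.conf in use actually loads an enabled rule mentioning bittorrent. The function names are hypothetical, the sample config and rules are constructed, and only `var` lines with a leading `$VAR` in the include path are expanded.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# Print the .rules files a snort.conf includes, expanding a leading $VAR
# from "var NAME value" lines (nested variables are not resolved).
list_rule_files() {
    awk '
        $1 == "var" { vars[$2] = $3; next }
        $1 == "include" && $2 ~ /\.rules$/ {
            path = $2
            if (match(path, /^\$[A-Za-z0-9_]+/)) {
                name = substr(path, 2, RLENGTH - 1)
                if (name in vars) path = vars[name] substr(path, RLENGTH + 1)
            }
            print path
        }' "$1"
}

# Count enabled rules in those files whose msg contains the keyword ($2).
# Commented-out rules do not count; unreadable files are reported on stderr.
count_enabled_rules() {
    total=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ ! -r "$f" ]; then echo "missing rule file: $f" >&2; continue; fi
        n=$(grep -Ei "^[[:space:]]*alert[[:space:]].*msg:\"[^\"]*$2" "$f" | wc -l)
        total=$((total + n))
    done <<EOF
$(list_rule_files "$1")
EOF
    echo "$total"
}

# Constructed sample: one enabled rule, one disabled rule, one missing include.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/rules"
    printf 'var RULE_PATH %s/rules\ninclude $RULE_PATH/p2p.rules\ninclude $RULE_PATH/gone.rules\n' "$d" > "$d/snort.conf"
    cat > "$d/rules/p2p.rules" <<'EOF'
alert tcp any any -> any any (msg:"SAMPLE P2P BitTorrent handshake"; content:"BitTorrent protocol"; sid:1000001; rev:1;)
#alert tcp any any -> any any (msg:"SAMPLE P2P BitTorrent disabled"; content:"BitTorrent protocol"; sid:1000002; rev:1;)
EOF
    echo "$d/snort.conf"
}

conf=$(make_sample)
echo "enabled bittorrent rules: $(count_enabled_rules "$conf" bittorrent)"
```

A count of 0 against the real config means snort has no signature to fire on, so the foreground run would stay silent regardless of the PacketFence side.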