Hi,
Since upgrading to the new version I've been having an issue with snort.
I've maintained the same violations. Here is an example:
[30000051]
priority=1
trigger=detect::2000334,detect::2000369,detect::2011699,detect::2010144,detect::2006375,detect::2008582
actions=email_user,email_admin
desc=P2P BitTorrent
enabled=Y
template=roguedhcp
auto_enable=N
I see the alerts in the alert file, so snort sees the traffic and logs it; I then see it in the pfdetect logs.
May 06 14:51:30 pfdetect(4904) INFO: alert received: '05/06-14:51:30.174521 [**] [1:2011699:5] ET P2P Bittorrent P2P Client User-Agent (Transmission/1.x) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} X.X.X.XX:43556 -> 91.189.94.40:80 ' (main::_run_detector)
May 06 14:51:30 pfdetect(4904) INFO: alert received: '05/06-14:51:30.339731 [**] [1:2011699:5] ET P2P Bittorrent P2P Client User-Agent (Transmission/1.x) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} X.X.X.XX:39709 -> 91.189.89.110:80
So it should work as it did before, but this violation is just not being triggered. I verified that the email addresses are set up. I even did a test of a custom alert in snort for ICMP, then issued a bunch of pings; again it gets picked up by snort and pfdetect.
May 06 12:10:37 pfdetect(26902) INFO: alert received: '05/06-12:10:37.745138 [**] [1:1:0] ICMP Packet Detected [**] [Priority: 0] {ICMP} xx.x.x.x -> x.x.x.x
However even with my violation set nothing happens.
(I don't have the violation.conf for this anymore; I deleted the conf file and started fresh during testing.)
There is nothing in the packetfence log.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
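Added example, not part of the post above and not PacketFence's own code: a Python sketch of the matching that has to happen between a snort alert and the detect:: triggers of the violation quoted in the post. The violation block and the two alert bodies are copied from the post as constructed input (placeholder addresses kept as they appear there); the function names, the treatment of the violation block as an INI fragment, and the regex for the snort alert header are my assumptions about the format, not pfdetect's implementation. Running it shows that the BitTorrent alert's SID 2011699 is in the trigger list of violation 30000051, while the custom ICMP test alert carries SID 1, which no detect:: trigger in that block names, so it matches no violation.

```python
import re

# Constructed input: the violation block quoted in the post above.
VIOLATION_CONF = """
[30000051]
priority=1
trigger=detect::2000334,detect::2000369,detect::2011699,detect::2010144,detect::2006375,detect::2008582
actions=email_user,email_admin
desc=P2P BitTorrent
enabled=Y
template=roguedhcp
auto_enable=N
"""

# Constructed input: the snort alert bodies from the pfdetect log lines in the
# post, with the placeholder addresses left as they appear there.
BT_ALERT = ("05/06-14:51:30.174521 [**] [1:2011699:5] ET P2P Bittorrent P2P Client "
            "User-Agent (Transmission/1.x) [**] [Classification: Potential Corporate "
            "Privacy Violation] [Priority: 1] {TCP} X.X.X.XX:43556 -> 91.189.94.40:80")
ICMP_ALERT = ("05/06-12:10:37.745138 [**] [1:1:0] ICMP Packet Detected [**] "
              "[Priority: 0] {ICMP} xx.x.x.x -> x.x.x.x")

# Assumed snort "fast" alert layout: [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)


def parse_violations(text):
    """Parse an INI-style violations fragment into {violation_id: {key: value}}."""
    violations, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\d+)\]", line)
        if header:
            current = header.group(1)
            violations[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            violations[current][key.strip()] = value.strip()
    return violations


def detect_sids(violation):
    """SIDs named by a violation's detect:: triggers, as a set of strings."""
    sids = set()
    for trig in violation.get("trigger", "").split(","):
        kind, sep, value = trig.strip().partition("::")
        if sep and kind.lower() == "detect":
            sids.add(value)
    return sids


def parse_alert(line):
    """Pull gid/sid/rev, message, protocol and endpoints out of one snort alert line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    # TCP/UDP endpoints carry a :port suffix; ICMP endpoints do not.
    for end in ("src", "dst"):
        ip, sep, port = alert[end].rpartition(":")
        alert[end + "_ip"], alert[end + "_port"] = (ip, port) if sep else (alert[end], None)
    return alert


def matching_violations(alert_line, violations):
    """IDs of enabled violations whose detect:: triggers include the alert's SID."""
    alert = parse_alert(alert_line)
    if alert is None:
        return []
    return sorted(
        vid for vid, v in violations.items()
        if v.get("enabled", "N").upper() == "Y" and alert["sid"] in detect_sids(v)
    )


if __name__ == "__main__":
    conf = parse_violations(VIOLATION_CONF)
    for line in (BT_ALERT, ICMP_ALERT):
        a = parse_alert(line)
        print(f"sid {a['sid']} ({a['msg']}) from {a['src_ip']} "
              f"-> violations {matching_violations(line, conf)}")
```

The match is on the SID alone: a detect:: trigger of 2011699 fires for every alert with that SID regardless of gid or revision, which is why the custom ICMP rule (SID 1) is the wrong probe for a violation whose triggers only list ET P2P SIDs.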