You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/06/21 21:43:58 UTC

[jira] [Commented] (METRON-247) Snort HOME_NET hardcoded to ansible_eth0.ipv4.address

    [ https://issues.apache.org/jira/browse/METRON-247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15342799#comment-15342799 ] 

ASF GitHub Bot commented on METRON-247:
---------------------------------------

GitHub user nickwallen opened a pull request:

    https://github.com/apache/incubator-metron/pull/166

    METRON-247 Using IP of the sniff interface as Snort's home network

    Snort was previously using the IPv4 address of the `eth0` network interface as its HOME_NET.  This is a problem, of course, if there is no such interface.  The deployment was failing when run on hosts that do not have an `eth0` network interface.
    
    This fix uses the IPv4 address of the `sniff_interface` as a sensible default.  This works fine for most development or demo builds of Metron.  For other deployments, the user can override `snort_home_net` to define this value appropriately for their environment.
    
    In the case of using canned or replayed pcap data for testing, this value also needs to be adjusted based on the pcap data.  For this scenario, I altered 'sensor-test-mode' to use a `HOME_NET` of `any` so that it correctly alerts on every packet seen.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nickwallen/incubator-metron METRON-247

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/166.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #166
    
----

----


> Snort HOME_NET hardcoded to ansible_eth0.ipv4.address
> -----------------------------------------------------
>
>                 Key: METRON-247
>                 URL: https://issues.apache.org/jira/browse/METRON-247
>             Project: Metron
>          Issue Type: Bug
>            Reporter: David M. Lyle
>
> This needs to be configured to use the ipv4 address of the sniff interface.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)