[ovirt-users] oVirt and Snort

Pat Pierson ihasn2004 at gmail.com
Mon Sep 29 13:07:53 UTC 2014


I am attempting to use Snort as an IDS on my network.  Currently I have all
traffic on my router uplink port mirrored to a port I have plugged into an
unused port on an oVirt node.  I have created a network that only has
access to that port and assigned that network to my snort vm.  I am able to
see broadcast traffic (DHCP requests, DNS discoveries, etc.) when I listen
to that port but no direct IP to IP traffic.  I believe it has something to
do with macspoofing but I am not sure I have set that up correctly for this
host.  Has anyone seen documentation on properly setting up macspoofing or
using snort on a virtual infrastructure like oVirt?

-- 
Patrick Pierson