[ovirt-users] oVirt and Snort
Pat Pierson
ihasn2004 at gmail.com
Mon Sep 29 13:07:53 UTC 2014
I am attempting to use Snort as an IDS on my network. Currently I have all
traffic on my router uplink port mirrored to a port I have plugged into an
unused port on an oVirt node. I have created a network that only has
access to that port and assigned that network to my snort vm. I am able to
see broadcast traffic (DHCP requests, DNS discoveries, ect) when I listen
to that port but no direct IP to IP traffic. I believe it has something to
do with macspoofing but I am not sure I have set that up correctly for this
host. Has anyone seen documentation on properly setting up macspoofing or
using snort on a virtual infrastructure like oVirt??
--
Patrick Pierson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140929/e88f0002/attachment-0001.html>
More information about the Users
mailing list