[ovirt-users] oVirt and Snort
Antoni Segura Puimedon
asegurap at redhat.com
Mon Sep 29 13:24:52 UTC 2014
----- Original Message -----
> From: "Pat Pierson" <ihasn2004 at gmail.com>
> To: users at ovirt.org
> Sent: Monday, September 29, 2014 3:07:53 PM
> Subject: [ovirt-users] oVirt and Snort
>
> I am attempting to use Snort as an IDS on my network. Currently I have all
> traffic on my router uplink port mirrored to a port I have plugged into an
> unused port on an oVirt node. I have created a network that only has access
> to that port and assigned that network to my snort vm. I am able to see
> broadcast traffic (DHCP requests, DNS discoveries, ect) when I listen to
> that port but no direct IP to IP traffic. I believe it has something to do
> with macspoofing but I am not sure I have set that up correctly for this
> host. Has anyone seen documentation on properly setting up macspoofing or
> using snort on a virtual infrastructure like oVirt??
Did you install the macspoof hook in that machine and set it up for the vnic?
>
> --
> Patrick Pierson
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list