[ovirt-users] oVirt and Snort

Itamar Heim iheim at redhat.com
Mon Sep 29 14:17:42 UTC 2014


On 09/29/2014 04:24 PM, Antoni Segura Puimedon wrote:
>
>
> ----- Original Message -----
>> From: "Pat Pierson" <ihasn2004 at gmail.com>
>> To: users at ovirt.org
>> Sent: Monday, September 29, 2014 3:07:53 PM
>> Subject: [ovirt-users] oVirt and Snort
>>
>> I am attempting to use Snort as an IDS on my network. Currently I have all
>> traffic on my router uplink port mirrored to a port I have plugged into an
>> unused port on an oVirt node. I have created a network that only has access
>> to that port and assigned that network to my snort vm. I am able to see
>> broadcast traffic (DHCP requests, DNS discoveries, ect) when I listen to
>> that port but no direct IP to IP traffic. I believe it has something to do
>> with macspoofing but I am not sure I have set that up correctly for this
>> host. Has anyone seen documentation on properly setting up macspoofing or
>> using snort on a virtual infrastructure like oVirt??
>
> Did you install the macspoof hook in that machine and set it up for the vnic?

why is that needed for listening only? just creating a vnic profile with 
port mirroring should work out of the box with no hooks?

>
>>
>> --
>> Patrick Pierson
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>




More information about the Users mailing list