[ovirt-users] oVirt and Snort

Pat Pierson ihasn2004 at gmail.com
Mon Sep 29 15:03:55 UTC 2014 

Itamar,
  Wow this is awesome.  I set up the port mirror vnic profile (had never
used vnic profiles before on oVirt, but it was super easy) and all is
working as it should.  Thanks for the input!

Antoni,
   I had installed the macspoof hook, thanks for the response.

On Mon, Sep 29, 2014 at 10:17 AM, Itamar Heim <iheim at redhat.com> wrote:

> On 09/29/2014 04:24 PM, Antoni Segura Puimedon wrote:
>
>>
>>
>> ----- Original Message -----
>>
>>> From: "Pat Pierson" <ihasn2004 at gmail.com>
>>> To: users at ovirt.org
>>> Sent: Monday, September 29, 2014 3:07:53 PM
>>> Subject: [ovirt-users] oVirt and Snort
>>>
>>> I am attempting to use Snort as an IDS on my network. Currently I have
>>> all
>>> traffic on my router uplink port mirrored to a port I have plugged into
>>> an
>>> unused port on an oVirt node. I have created a network that only has
>>> access
>>> to that port and assigned that network to my snort vm. I am able to see
>>> broadcast traffic (DHCP requests, DNS discoveries, ect) when I listen to
>>> that port but no direct IP to IP traffic. I believe it has something to
>>> do
>>> with macspoofing but I am not sure I have set that up correctly for this
>>> host. Has anyone seen documentation on properly setting up macspoofing or
>>> using snort on a virtual infrastructure like oVirt??
>>>
>>
>> Did you install the macspoof hook in that machine and set it up for the
>> vnic?
>>
>
> why is that needed for listening only? just creating a vnic profile with
> port mirroring should work out of the box with no hooks?
>
>
>
>>
>>> --
>>> Patrick Pierson
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>  _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>


-- 
Patrick Pierson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140929/88853438/attachment-0001.html>

More information about the Users mailing list