Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Advanced » Detecting if Snort and/or Snort Inline are running

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Detecting if Snort and/or Snort Inline are running


Posted by aluna_98 on May 09, 2005 13:47:06

Hi community, I would like to run snort in ids and ips modes at same time, but I need to know when snort is running in ips mode and when is running in ids mode, ans also I want to be able to stop snort in ids mode only, or ips mode only (that is, keep it running in the other mode if it was)
Any help, please, would be very appreciated.
Thank in advance
Best regards...
Alex

Posted by verystrong on May 10, 2005 14:11:48

Hi,
if you exec snort like IPS you will see for example the "snort_inline -QDc" tasks... however when you are running snort like IDS you will see the snort process.... you can stop in any time the snort task o the snort_inline task with the kill -9 signal...

Posted by aluna_98 on May 11, 2005 13:35:26

Thanx for your response, I was expecting to use the sme binary for snort (ids mode) and snort inline (ips mode), thus the question on how to identify every running instance.
I was comparing the snort_inline sources (version 2.3.0 in http://snort-inline.sourceforge.net/download.html) with snort sources (version 2.3.3 available in this site), and found to be the same except for some plugins (new and updated ones) and rules (new and updated ones), the questions are:
1. are the rules the same for snort and snort_inline?
2. is it possible to make snort and snort_inline work with the same rules? (this will make easy the rule update process, because only one dir in the server will be updated)
3. is it possible to merge snort and snort_inline sources in order to make snort_inline the same version as snort?

Thanks again, best regards
Alex
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.