Traffic graphs completely broken when Snort and limiters used
-
After I installed the Snort package, the Traffic graphs are showing strange values not correlated with actual traffic. I also have limiters configured, and I think that a combination of limiters and Snort breaks the Traffic graphs.
-
@stepanov1975 said in Traffic graphs completely broken when Snort and limiters used:
After I installed the Snort package, the Traffic graphs are showing strange values not correlated with actual traffic. I also have limiters configured, and I think that a combination of limiters and Snort breaks the Traffic graphs.
Specifically it's the Inline IPS Mode, when used, that breaks limiters and the traffic graph. It is due to the use of the netmap kernel device by Snort when you enable Inline IPS Mode. The netmap device is not compatible with the other features. I'm assuming in this reply you have enabled the Inline IPS Mode with Snort. The Legacy Blocking Mode should not impact limiters or the traffic graph.
-
@bmeeks Thanks for the reply. But in my case "Block Offenders" is not enabled at all.
-
@stepanov1975 said in Traffic graphs completely broken when Snort and limiters used:
@bmeeks Thanks for the reply. But in my case "Block Offenders" is not enabled at all.
With blocking not enabled, then I really don't see how Snort can interfere. All it does is get copies of packets as they leave the NIC driver using libpcap (before the firewall sees them for traffic inbound on an interface; and after the firewall for traffic outbound on an interface).
-
@bmeeks Sorry. I am an idiot :( I expected graphs to be in bits, but they were in bytes. Actually they work just fine.