Force10 Networks PSeries 100-00055-01 Bedienungsanleitung Seite 47
- Seite / 132
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
P-Series Installation and Operation Guide, version 2.3.1.2 47
Running the Sguil System
Running the Sguil Sensor
Start the Sguil sensor using the command pnic sguil-sensor-start. Specify the IP address of the Sguil
server, and confirm the action, as shown in Figure 29.
Figure 29
root@# pnic sguil-sensor-start
Enter the IP address of the Sguil-Server:192.16.130.246
***********************************************
INTERFACE NAME : pnic0
SGUIL-SERVER IP-ADDRESS : 192.16.130.246
***********************************************
To start Sguil-sensor with the above configuration
Select "Ok"
1) Ok
2) Exit
#? 1
Starting sguil sensor processes...
Info: <InstallDir>/sguil-pids/snort_log-localhost.pid does not exist.
Checking for old process with ps.
No old processes found.
Starting new process anyway...
LogPackets started successfully.
Checking disk space (limited to 90%)...
Current Disk Use: 26%
Done.
Barnyard started successfully.
Snort started successfully.
Sancp started successfully.
Pcap Agent started successfully.
Sancp Agent started successfully.
Snort Agent started successfully.
Sguil-sensor has started successfully.
Starting the Sguil Sensor
Stop the Sguil sensor using the command pnic sguil-sensor-stop, as shown in Figure 30.
Figure 30
root@# pnic sguil-sensor-stop
Do you really want to stop the Sguil-sensor application (y/n)? y
LogPackets stopped successfully.
Stopped Pcap Agent successfully
Stopped Sancp Agent successfully
Stopped Snort Agent successfully
Stopped Barnyard successfully
Stopped Snort successfully
Stopped Sancp successfully
Stopped tail of snort.stats successfully
Sguil-sensor application has been stopped.
Stopping the Sguil Sensor
Writing New Rules
• All rules files are stored in the installation sub-directory .../nsm/sguil/rules.
- P-Series Installation and 1
- Operation Guide 1
- Contents 3
- Appendix E 6
- Appendix F 6
- Preface About this Guide 7
- Information Symbols 8
- Related Documents 8
- Additional Resources 8
- Chapter 1 Installation 9
- System Specifications 10
- Physical Connections 10
- Configuration 12
- Security Check 12
- Upgrading Software 12
- Chapter 2 Getting Started 15
- 16 Getting Started 16
- Chapter 3 Introduction 17
- Types of Rules 18
- Sample Rules and Firmware 18
- Rule Management 19
- Deploying the P-Series 19
- Inline Deployment 20
- Fail-safe Deployment 20
- Highly-available Deployment 21
- Passive Deployment 21
- Capturing Matched Traffic 22
- Capturing to a Host CPU 23
- Mirroring to Another Device 24
- GUI Commands 26
- PNIC0 Not Active 27
- To modify dynamic rules: 29
- 30 Graphical User Interface 30
- Figure 16 30
- Figure 17 30
- Capture/Forward Policies GUI 30
- Runtime Statistics 31
- 32 Graphical User Interface 32
- Figure 19 32
- Figure 20 32
- Reloading Firmware 33
- 34 Graphical User Interface 34
- (see Appendix A , on page 36
- Monitoring System Performance 38
- Managing Firmware Images 39
- 40 Web-based Management 40
- Managing Policies 41
- 42 Web-based Management 42
- Sguil Server 43
- Sguil Clie 43
- P-Series Sensors 43
- Installing the Sguil System 44
- Installing the Sguil Client 45
- Installation Files 46
- Running the Sguil System 47
- Running the Sguil Server 48
- Running the Sguil Client 49
- Figure 33 appears 50
- CLI Commands 51
- MAC Rewriting 51
- Removing VLAN Tags 53
- 54 Command Line Interface 54
- Chapter 8 Compiling Rules 55
- Enter command gmake from 58
- Selecting Yes is recommended 59
- Summary of configuration 60
- Firmware Filenames 62
- Compiler Errors 62
- Chapter 9 Writing Rules 63
- Protocol 64
- Source Addresses 64
- Direction Operator 65
- P-Series Rule Syntax 66
- Writing Stateful Rules 68
- Stateful Rule Examples 70
- Handling Segmentation Evasion 71
- Anomalous TCP Flags 73
- 74 Writing Rules 74
- Chapter 10 Firewall 75
- Enabling the Firewall 76
- 90 Appendix A 90
- Figure 55 91
- 92 Appendix A 92
- Figure 56 92
- Disable the physical link 93
- [channel] 93
- Enable the physical link 93
- Information 95
- 0/pnic_{0 98
- [number] 103
- [number] 104
- • Stop capturing and matching 104
- Stop the Sguil sensor 107
- • Load the runtime parameters 110
- [root@localhost SW]# 112
- 114 Appendix A 114
- Stop the web server 116
- Related 117
- Commands 117
- 118 Appendix A 118
- Appendix B Snort Keywords 119
- 122 Appendix B 122
- Table 30 123
- 124 Appendix C 124
- Unix Commands 125
- Appendix E Glossary 127
- Appendix F Technical Support 129
- Step Task 131
- 132 Technical Support 132
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.021 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern