author: Che-Wei Lin <linton.tw@gmail.com> 2014-09-07 20:58:35 +0800
committer: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2014-09-07 22:32:16 +0900
commit: aa21f3d0527f2e8fb1ec4977e65ee1aaa4028508
tree: fe8dda88621db93d0d8aa2bfa38f42b97ce546ce /doc
parent: acec42118095c0642bbc9b8dfbb584520b7681b9
Snort Integrate:

Remove the wrong way to get IP and bind with it.
Binding with '0.0.0.0' and listen on all host.
Update and fix typos in the snort_integrate.rst document.
Fix the problem about pigrelay reconnect to ryu will not be accepted.

Pigrelay is a program running on Snort that receives Snort alerts from a UNIX socket and sends them to Ryu via a network socket.

Signed-off-by: Che-Wei Lin <linton.tw@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Diffstat (limited to 'doc')
-rw-r--r-- doc/source/snort_integrate.rst 16
1 files changed, 9 insertions, 7 deletions
diff --git a/doc/source/snort_integrate.rst b/doc/source/snort_integrate.rst
index f6b593d7..bec56195 100644
--- a/doc/source/snort_integrate.rst
+++ b/doc/source/snort_integrate.rst
@@ -7,6 +7,8 @@ This document describes how to integrate Ryu with Snort.
Overview
====
+There are two options can send alert to Ryu controller. The Option 1 is easier if you just want to demonstrate or test. Since Snort need very large computation power for analyzing packets you can choose Option 2 to separate them.
+
**[Option 1] Ryu and Snort are on the same machine**
::
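Review bot: the paragraph added under "Overview" has several grammar slips that a typo-fixing commit should not introduce: "There are two options can send alert", "The Option 1" and "Snort need". Suggested wording: "There are two options for sending alerts to the Ryu controller. Option 1 is easier if you just want to demonstrate or test. Because Snort needs a lot of computing power to analyze packets, you can choose Option 2 to run it on a separate machine."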
@@ -40,7 +42,7 @@ The above depicts Ryu and Snort architecture. Ryu receives Snort alert packet vi
+----------+ +----------+
-**\*CP: Controller Plane**
+**\*CP: Control Plane**
The above depicts Ryu and Snort architecture. Ryu receives Snort alert packet via **Network Socket** . To monitor packets between HostA and HostB, installing a flow that mirrors packets to Snort.
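Review bot: the context sentence under the diagram, "Ryu receives Snort alert packet via Network Socket", is where the bind change named in the commit message should be documented: with the listener on '0.0.0.0', the alert socket is reachable on every interface of the controller. Suggest adding a sentence telling readers to limit access to that port to the Snort machine, for example with a host firewall rule or a dedicated management network. The same sentence has a grammar slip this typo pass could pick up: "installing a flow" should read "install a flow".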
@@ -92,7 +94,7 @@ The incoming packets will all mirror to **port 3** which should be connect to Sn
3. Run Snort: ::
$ sudo -i
- $ sudo snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
+ $ snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
4. Send an ICMP packet from HostA (192.168.8.40) to HostB (192.168.8.50): ::
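Review bot: in step 3 the new "snort -i eth1 ..." line still shows a "$" prompt even though the preceding "sudo -i" has opened a root shell; use "#" on that line so it is clear that Snort runs as root and why "sudo" was dropped. While touching this line, consider replacing "-l /tmp" with a dedicated log directory that is not world-writable, since it is the directory used together with "-A unsock".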
@@ -114,20 +116,20 @@ The incoming packets will all mirror to **port 3** which should be connect to Sn
2. Run Ryu with sample application (On the Controller): ::
- $ sudo ./bin/ryu-manager ryu/app/simple_switch_snort.py
+ $ ./bin/ryu-manager ryu/app/simple_switch_snort.py
3. Run Snort (On the Snort machine): ::
$ sudo -i
- $ sudo snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
+ $ snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
-4. Run ``unsock2nwsock.py`` (On the Snort machine): ::
+4. Run ``pigrelay.py`` (On the Snort machine): ::
- $ sudo python unsock2nwsock.py
+ $ sudo python pigrelay.py
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket.
-You can clone the script over here. https://gist.github.com/John-Lin/9408ab716df57dbe32ca
+You can clone the source code from this repo. https://github.com/John-Lin/pigrelay
5. Send an ICMP packet from HostA (192.168.8.40) to HostB (192.168.8.50): ::
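Review bot: step 4 keeps "sudo python pigrelay.py" while step 2 in the same hunk drops "sudo" from ryu-manager and step 3 drops it from snort, so the document now leaves it unclear whether the relay really needs root. State the reason (for instance, access to the Snort UNIX socket) or describe running it under a less-privileged account, because this step executes a script cloned from an external repository. The new link points at the repository head; naming a tag or commit would let readers know which version the instructions were tested against. The unchanged line "This program listening snort alert messages" could also be fixed here to "This program listens for Snort alert messages on a UNIX domain socket and sends them to Ryu over a network socket."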