Security Onion Inline

[Alex Berta]

Hey everyone,

I have a question can I use Security Onion inline on my network. I need to monitor all the traffic before it goes to the servers. Can this be done?

Also I am running into a problem with some linux drivers. If the box resarts its dumping all drivers and telling me that the utility is not installed. Any ideas? I am using this card.

http://www.interfacemasters.com/products/bypass-nics/niagara-42264-quad-port-copper-gigabit-ethernet-nic-with-bypass-pci-e-server-adapter-card.html

[Max Rogers]

Hi Alex,

Running Snort or Suricata in IPS mode is not supported.  See the FAQ "Can Security Onion run in IPS Mode?" on the Wiki at https://code.google.com/p/security-onion/wiki/FAQ

-Max

--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

[David Wasson]

You should be able to create a transparent network bridge and then sniff on that. You'll probably have to reconfigure your network settings.

Hopefully this will be helpful

http://www.lungstruck.com/compy/linux-transparent-bridge/