From: Thomas S. <ti...@ge...> - 2003-06-08 10:31:36
Greetings,

I am sitting with the following problem and I hope someone can assist me with the following: (PS I am running RedHat 9.0 as OS)

I installed snort-2.0.0 from source. I created my own rule that looks as follows, and this is the only rule that I have active:

    alert tcp any any -> any any (content:"monkey"; logto:"monkey.log"; msg:"Monkey Alert";)

This works beautifully and it logs the packets in the file I am pointing it to.

So what I did now is I took the binary from the inline snort_inline-2.0.0.1 and I copied it over the snort binary. (I hope this is right; I tried compiling it from source and I was getting the same results.) Then I restarted my service; it starts up nicely. I do my test and it logs perfectly, letting me know the binary works.

Next I add the

    #iptables -A OUTPUT -p tcp --dport 80 -j QUEUE

and I edit the init script and I changed the options to be -DQ .... and now it does not log any more, or drop it if I change the rules file's alert to drop.

Thank you

--
Warm Regards
Thomas I. Switala
GENOTRIBE - sensible complexity