IDS mailing list archives
Re: Multiple network segment monitor with Snort
From: "Keith W. McCammon" <keith-list () mccammon org>
Date: Thu, 25 Sep 2003 17:00:23 -0400
Can I use the same physical machine (with as many ethernet cards as sensors I want to deploy) and use various and independent snort processes? I neither know if only one Snort process can control different network cards at the same time. And yes, I know that I can hog the sensor, but the networks are going to have little traffic (at least right now!).
Yep, no problem. I run between 2-4 per FreeBSD-based sensor. As long as you keep up on RAM you're cool.
--------------------------------------------------------------------------- Captus Networks IPS 4000Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance PoliciesFREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------
Current thread:
- Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Sep 25)
- Re: Multiple network segment monitor with Snort Keith W. McCammon (Sep 25)
- Re: Multiple network segment monitor with Snort Jason Haar (Sep 26)
- RE: Multiple network segment monitor with Snort James Williams (Sep 26)
- Re: Multiple network segment monitor with Snort Jason Haar (Sep 26)
- Re: Multiple network segment monitor with Snort Anton A. Chuvakin (Sep 26)
- Re: Multiple network segment monitor with Snort Florin Andrei (Sep 30)
- <Possible follow-ups>
- RE: Multiple network segment monitor with Snort kgeorgiades (Sep 29)
- Re: Multiple network segment monitor with Snort Keith W. McCammon (Sep 25)