Snort mailing list archives
Re: Configuration issue, Part II
From: Chris Keladis <Chris.Keladis () cmc cwo net au>
Date: Mon, 24 Sep 2001 22:43:49 +1000
DJDave Sobel wrote:

Hi Dave,

> How do you specify which interface to use?

The -i switch to snort.

> And of more importance to me, how do you specify binding to multiple interfaces? I'd like it to be watching traffic to all the internal networks, not just one... (that way, I can see what ipchains missed..)

This is in the Snort FAQ, but if you run a Linux 2.4 kernel and a special patch to Snort, and specify '-i any' Snort will monitor all interfaces (not certain if this patch has found its way into mainstream Snort?).

Failing that you can do as I have done and run a Snort instance on each interface. It works quite well especially if you use Demarc, since each Snort instance counts as a separate sensor.

I used the -I switch to make Snort list the interfaces in the ASCII alerts to make it easier to visualise where a packet came from.

Visit the FAQ at www.snort.org for more specific details.

Regards,

Chris.
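The one-instance-per-interface setup described in the message above, as an added example that is not part of the original post. The config path, log root and interface names are assumptions; each instance gets its own log directory so the sensors do not write into each other's files.

```shell
#!/bin/sh
# Added example: one Snort instance per interface, each with its own log dir.
# Paths and interface names are assumptions; adjust them for your sensor.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"   # assumed config location
LOG_BASE="${LOG_BASE:-/var/log/snort}"              # assumed log root

# Print the snort command line for one interface.
# Fails on an empty name or one with characters outside [A-Za-z0-9._:-].
snort_cmd_for_iface() {
    iface="$1"
    case "$iface" in
        ''|*[!A-Za-z0-9._:-]*)
            echo "refusing interface name: '$iface'" >&2
            return 1 ;;
    esac
    # -i: interface to sniff      -I: add the interface name to alert output
    # -c: configuration file      -l: log directory      -D: run as a daemon
    printf 'snort -D -I -i %s -c %s -l %s/%s\n' \
        "$iface" "$SNORT_CONF" "$LOG_BASE" "$iface"
}

# Dry run by default: print one command per interface.
# With RUN=1, create each log directory and start the instance.
# Assumes the configured paths contain no whitespace.
start_sensors() {
    rc=0
    for iface in "$@"; do
        cmd=$(snort_cmd_for_iface "$iface") || { rc=1; continue; }
        if [ "${RUN:-0}" = "1" ]; then
            mkdir -p "$LOG_BASE/$iface" && $cmd || rc=1
        else
            echo "$cmd"
        fi
    done
    return $rc
}

start_sensors eth0 eth1   # constructed interface names; dry run prints two commands
```

Review the printed commands first, then rerun with `RUN=1` as a user allowed to open the interfaces.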