Snort mailing list archives
snort with 2 nics - collecting only UDP data
From: "Tinu Patel" <tinu.patel () insignis com>
Date: Tue, 27 Nov 2001 10:17:01 -0600
Hi folks.... I am pretty new to snort...so this may be a dumb question but here goes... I have a snort box that has 2 sensors running on 2 different nic's. One of the nic's is capturing data outside the firewall and is working perfectly fine. The other nic is capturing data inside the firewall from a monitor port on an HP switch (where we forwarded all switch traffic to). The internal sensor is only picking up UDP data... and a TON of it. It doubled the database size and then some in one night just from garbage sensor reports. Why is it not picking any TCP traffic? Am I doing something wrong here? My snort.conf has: log tcp any any -> x.x.x.x/x any any Thanks Tinu
Current thread:
- snort with 2 nics - collecting only UDP data Tinu Patel (Nov 27)
- <Possible follow-ups>
- RE: snort with 2 nics - collecting only UDP data Tinu Patel (Nov 27)
- RE: snort with 2 nics - collecting only UDP data Tinu Patel (Nov 27)
- RE: snort with 2 nics - collecting only UDP data Erek Adams (Nov 27)
- RE: snort with 2 nics - collecting only UDP data Tinu Patel (Nov 27)
- RE: snort with 2 nics - collecting only UDP data Erek Adams (Nov 27)