Snort Sensor Multi-Homed...

["Hessifer, Charles" <charles.hessifer () genuity com>]

For a snort sensor (multi-homed) with the primary NIC connected to RFC 1918
space and the second NIC running in promisc mode without the stack
configured, what is the best way to configure this via the snort.conf file. 

I am mostly concerned with performance. Would it be:

var HOME_NET any OR var HOME_NET $<inf>_ADDRESS

var EXTERNAL_NET any OR var EXTERNAL_NET $<inf>_ADDRESS


The idea here is to have my distributed sensors deployed throughout various
nets grabbing data on the promisc net and then all reporting back to my
Demarc/MySQL system via 1918 and gain maximum performance and results.

Any help would be appreciated!

C.Hessifer