Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: interface name in alert?

From: Andreas Östling <andreaso () it su se>
Date: Thu, 11 Apr 2002 22:49:59 +0200 (CEST)
On Thu, 11 Apr 2002, Howell, Paul wrote:



Hi,

Can snort include the interface name in an alert message?

Here's my setup.

I'm using snort 1.8.6 on FreeBSD running on 2 interfaces.

I run two snort programs:

snort -b -A fast -c /space1/snort/rules/snort.conf -l /space1/snort/log -dD
-i fxp1

sleep 2

snort -b -A fast -c /space1/snort/rules/snort.conf -l /space1/snort/log -dD
-i fxp2

When I look at the alert file, I can't tell which snort alerted.

I've read the FAQ, manual, and looked at a little code, but maybe I'm
missing
something.

Thanks!

< paul



From man page (or snort -?):


-I     Print out the receiving interface name in alerts.

/Andreas


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: