Snort mailing list archives
AW: 3 or 4 NICs in a sensor?
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Sat, 28 Sep 2002 11:18:14 +0200
If you click on the HTML-Version or any other version link you'll get the english version (it's the only one available although the description is german since our LUG is located in Germany ;). You might also have a look on www.linuxdoc.org where the howto is also included. So long, Sandro
Thanks for the info. I clicked your link below, but it appears to be in another language. Do you have an english version of the HOWTO you are referring to? Thanks -----Original Message----- From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com] Sent: Friday, September 27, 2002 2:03 AM To: 'Sheahan, Paul (PCLN-NW)'; Snort List (E-mail) Subject: AW: [Snort-users] 3 or 4 NICs in a sensor? Paul, I'm running a 6 NIC RH 7.2 box with 5 snort instances listening on 5 NICs (3x 100Mb/s, 2x 10Mb/s, not highly saturated). Works like a charm (ok, traffic has been rising over the month and snort reports some packet drops on 2 interfaces with values about 0.0xx%). Tuning should help to get back to 0.000% You might take a look on my HOWTO at http://www.lug-burghausen.org/projects/index.html#snort-stat where I described such a configuration. HTH, SandroHello, I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2 NICs (1 for management, one for the sniffer). My currentsensor is notexposed to heavy traffic and I was considering adding more NICs to the box so I can have it monitoring other segments at the same time, rather than build more sensors. Is anyone out there running Snort on a box with say, 4 NICs, where 3 of the NICs are each running their own Snort instance, monitoring different network segments? If traffic is light enough on each segment, it seems better not to waste extra hardware and build separate sensors. I wanted to get an idea if others are doing this, is it wise to do it, will it work etc? Thanks! Paul ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: 3 or 4 NICs in a sensor? Poppi, Sandro (Sep 26)
- <Possible follow-ups>
- AW: 3 or 4 NICs in a sensor? Poppi, Sandro (Sep 27)
- AW: 3 or 4 NICs in a sensor? Poppi, Sandro (Sep 28)
- Re: AW: 3 or 4 NICs in a sensor? Ben Feinstein (Sep 29)
- AW: 3 or 4 NICs in a sensor? Poppi, Sandro (Sep 28)