Snort mailing list archives

Re: Snort running on two interfaces

From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 18 Mar 2004 15:00:49 +0000



--On 18 March 2004 08:58 -0500 Jason Humes <jhumes () acs on ca> wrote:

What is the best way to get snort to run on two interfaces?

Assuming you wish to use barnyard/mudpit eventually, you'll probably wantto have separate processes for each interface, as far as I can see, unlessyou'll guarantee that you'll be using exactly the same config file for each.

And what would be the best way to configure this to start automatically
when the box boots? Right now, I just took the S20snort script and kinda
just copied the portion of it that starts snort and copied and pasted it
further down in the S20snort script...seems to work, but must not be the
best way.  Also, does anyone know how to add my default gateway on boot,
right now, I've got a line in the S20snort script which says, "route add
default gw 192.0.0.201"...

This will be OS-dependent in terms of how to do it cleanly. Personally, Imodified the supplied initscript and sysconfig file so that multiple snortscould be started by using INTERFACE="eth0 eth1" or similar in the sysconfigfile.

As for the default gateway, setting that up in your snort initscript isalmost certainly the wrong place.


What OS are you using?

thanks

Jason D. Humes


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort running on two interfaces Jason Humes (Mar 18)
- Re: Snort running on two interfaces neil (Mar 18)
- Re: Snort running on two interfaces AJ Butcher, Information Systems and Computing (Mar 18)
- <Possible follow-ups>
- RE: Snort running on two interfaces Jason Humes (Mar 18)
  - RE: Snort running on two interfaces AJ Butcher, Information Systems and Computing (Mar 19)