Snort mailing list archives
RE: Multihomed Sensor
From: "DeBerry, Casey" <Casey.DeBerry () trizetto com>
Date: Wed, 28 Jan 2004 07:33:52 -0700
Configure each individual network card as you would a promiscuous sniffer.. ala `ifconfig ethx promisc up` (Assuming linux here) Then, for each different instance, you need to create a startup script. I usually put things in /etc/init.d and link to relevant rc. Best thing to do is check in the "contrib" source directory for the S99snort script. For each interface, create a copy of the script.. ie: S99snort-eth0 S99snort-eth1 S99snort-eth2 etc.. Just open each script and change the IFACE=ethx to match your interface. You can also specify differenct conf files in there for each instance if you so desire. Cheers, Casey -----Original Message----- From: mailing-list [mailto:IMCEAEX-_O=HCC+20INSURANCE+20HOLDINGS+2C+20INC+2E_OU=HCC-HOUSTON_CN= RECIPIENTS_CN=MAILING-LIST () USSIC com] Sent: Saturday, January 24, 2004 12:13 AM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Multihomed Sensor I currently have a Linux box with 4 NICs. How do I configure it so that I can monitor each NIC separately with its own conf file? I have different subnets that I want to monitor. Thanks in Advance!
Current thread:
- Multihomed Sensor mailing-list (Jan 27)
- <Possible follow-ups>
- RE: Multihomed Sensor Kreimendahl, Chad J (Jan 28)
- RE: Multihomed Sensor Dean Davis (Jan 28)
- RE: Multihomed Sensor Kreimendahl, Chad J (Jan 28)
- RE: Multihomed Sensor DeBerry, Casey (Jan 28)
- RE: Multihomed Sensor mailing-list (Jan 31)