Snort mailing list archives
Re: Snorting on 2 interfaces
From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 22 Apr 2004 08:53:36 +0100
--On 17 April 2004 13:26 -0600 Conan the Librarian <conan_the_librarian () adelphia net> wrote:
Hello all, Need a little help here configuring snort to sniff on two interfaces simultaneously in a low traffic environment. Tried editing /etc/init.d/snort config file with IFACE=eth0,eth1
That will try to sniff on an interface named "eth0,eth1" and will almost certainly fail.
then IFACE=[eth0,eth1]
Bogus.
then two separate lines of IFACE=eth0 and IFACE=eth1
The second line will redefine the shell variable IFACE from eth0 to eth1 and snort will only sniff on eth1.
all with no joy. Read Beale, Foster and Posluns' book cover to cover. Checked man pages. Searched archives. All have HINTS that it can be done but no one specifies the syntax of the initiation or conf file.
With the standard snortd init script, setting IFACE="eth1 -i eth0 -i eth3" should work. Note the '-i's for the second and subsequent interfaces.Alternatively, bond the interfaces together, and attach snort to the bond0 interface.
Anyone done this before? MJ
Best Regards, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snorting on 2 interfaces Conan the Librarian (Apr 19)
- Re: Snorting on 2 interfaces AJ Butcher, Information Systems and Computing (Apr 22)
- <Possible follow-ups>
- RE: Snorting on 2 interfaces Harper, Patrick (Apr 19)
- RE: Snorting on 2 interfaces Truax, Shawn (MBS) (Apr 22)