Re: Snort on multiple interfaces

[Nick Hatch <nick () restek wwu edu>]

Never done it before, but there's an entry in the Snort FAQ which covers 
this:

http://www.snort.org/docs/FAQ.txt

> 3.6 How can I run snort on multiple interfaces simultaneously.
>
> LINUX: If you aren't running snort on linux 2.1.x/2.2.x kernel (with LPF
> available) the only way is to run multiple instances of snort, one instance per
> interface (with the -i option specifying the interface). However for linux
> 2.1.x/2.2.x and higher you can use libpcap library with S. Krahmer's patch
> which allows you to specify 'any' as interface name. In this case snort will be
> able to process traffic coming to all interfaces.
>
> *BSD: Use the ``bridge'' interface to combine your nics into a logical
> interface (bridge0).


Jeffries, Michael MJ wrote:

> Hi there,
>
> I have a box with 3 interfaces pointing at different networks, I am 
> running fedora 9.2. How can I get snort to sniff on more than one 
> interface?
>
> Do I just start two sessions of snort up as follows ?
>
> snort -c /etc/snort/snort.conf -i eth0 &
> snort -c /etc/snort/snort.conf -i eth1 &
>
> Or is there a better way to do this?
>
> Thanks a ton
> Mike


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users