RE: Can Snort monitor multiple VLANs?

["Escudero, Peter Louis" <peterlouis.escudero () eds com>]

Thanks for the input, Peter. Sorry I can't help you with Barnyard. One of
the Cisco switches we can't capture alerts from is GigE. Does that matter?
The Dell PE750 has 2 onboard GigE NICs. Should we hook up one of them to the
Cisco GigE switch then, & have snort sniff on that interface? We, too, have
multiple instances of snort running. Please advise. Thanks again.
 

Peter Escudero 


  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Barton
Sent: Tuesday, April 05, 2005 9:02 AM
To: Snort-users () lists sourceforge net
Subject: RE: [Snort-users] Can Snort monitor multiple VLANs?



If you are having Snort log directly to MySql then the easiest way to do it
is to have multiple instances of Snort running, one for each interface.

 

My question to everyone is, what if you use Barnyard to write to MySql and
have Snort just write to binary files.  I still have multiple instances of
Snort running, but I can only seem to get one instance of Barnyard running.
Is there a trick to this or am I just going about this the wrong way?

 

Thanks,

 

Peter Barton

 

 


  _____  


From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Escudero,
Peter Louis
Sent: Tuesday, April 05, 2005 10:54 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Can Snort monitor multiple VLANs?

 

Our IDS box is a Dell PE750 running SuSE Linux 9.1 Pro & snort v2.1.x, with
a quad 10/100 NIC card. Three of the ports are hooked up to 3 different
Cisco switches, representing 3 different VLANs. We're able to capture alerts
from one switch, but not from the others. Is snort able to monitor different
VLANs? Or do we need a separate IDS box for each VLAN? Any info you can
provide will be greatly appreciated.

 

Peter Escudero