Snort mailing list archives

Previous By Date Next
Previous By Thread Next

var external net

From: "Sean Kiewiet" <SKiewiet () prioritypaymentsystems com>
Date: Sat, 15 Oct 2005 11:33:32 -0400
I need some help;

I have 4 instances of snort running on a single machine and each
instance monitors a single promisc interface.

interface 3 -> home net ANY
interface 2 -> home net [xxx.xxx.xxx.xxx/24]
interface 1 -> home net [xxx.xxx.xxx.xxx/24]
interface 0 -> home net [xxx.xxx.xxx.xxx/24]

The external net for all interfaces is set to ANY

When I change home net in snort.conf on interface 3 from ANY to
[xxx.xxx.xxx.xxx/28,xxx.xxx.xxx.xxx/29] the sensor doesn't pickup any
more traffic, the log file just sits at 24 bytes.  When set to ANY snort
seems to work just fine, all of the addresses from the two blocks (and
more that I don't care about) are present in the log files.

BTW - all the x's are replaced with actual network addresses, I used
them here to protect the info.

What am I missing?

Sean




-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: