Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bonding or bridging two subnets

From: Robert Welz <welz () fixe-post de>
Date: Wed, 28 Dec 2005 13:47:03 +0100
Now everythig becomes confusing. First my original posting had an immediate reply (not to the list but to me privately) in french which I didn't understand. I thoght the message was rejected due to some unicode / iso charset mismatch. It looked really wiered, especially if you don't speak a single word french. especially not "unicode-french".
Then barryab63 answered me (thx barryab63!), but to my private postbox and to the list but I replied to him and not to the list. 

To get things back on track I post my second question here again.


barryab63-ia () yahoo com wrote:
> I don't think you'll want to bond or bridge the two interfaces in the case you describe. I think you'll want to run multiple instances of snort, one for each of the two interfaces you want to monitor. If you installed via RPM on SUSE I think you can do this by changing the settings in the /etc/sysconfig/snort file. You just tell it which interfaces you want snort to monitor and it pretty much takes care of everything for you. 
>
> Barry
Runnig two processes of snort on the same machine has more computing costs than running one process? I have 3 Gigabit (although 32Bit cards) which I want to observe. Will my 2.6 GHZ Celeron be enough? I plan logging to a different machine though. 
Thanks,
Robert






SquirrelMail looks wired with unicode

Betreff:        Notification d'=?unicode-1-1-utf-7?Q?+AOk-tat de remise
(+AOk-chec)?=
Von:    postmaster () imedia fr
Datum:          Mi, 28.12.2005, 13:01
An:     welz () fixe-post de
Priorität:      Normal
Optionen:       Alle Kopfzeilen anzeigen |  Druckversion zeigen

Cette notification d'+AOk-tat de remise est g+AOk-n+AOk-r+AOk-e
automatiquement.

+AMk-chec de la remise aux destinataires suivants.


Thunderbird yeah!

----------------------
Cette notification d'état de remise est générée automatiquement.

Échec de la remise aux destinataires suivants.

       anjah () imedia fr





Reporting-MTA: dns;imedia-hvj182q6.imedia.net
Received-From-MTA: dns;imedia.fr
Arrival-Date: Wed, 28 Dec 2005 13:01:35 +0100

Final-Recipient: rfc822;anjah () imedia fr
Action: failed
Status: 5.1.1



Subject:
[Snort-users] Bonding or bridging two subnets
From:
"R. Welz" <welz () fixe-post de>
Date:
Wed, 28 Dec 2005 12:58:02 +0100 (CET)
To:
<snort-users () lists sourceforge net>
Received:
from mail pickup service by imedia-hvj182q6.imedia.net with Microsoft SMTPSVC; Wed, 28 Dec 2005 13:01:35 +0100 
Return-Path:
welz () fixe-post de
Received:
from mx13.bcrtfl01.us.mxservers.net (131.103.218.133) by mail01k.rapidsite.net (RS ver 1.0.95vs) with SMTP id 0-0706701145 for <anjah () imedia fr>; Wed, 28 Dec 2005 06:59:17 -0500 (EST) 
Received:



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: