Snort mailing list archives
Re: [RGSPAM] Re: Listening to Wrong Interface (OS X)
From: Todd Wease <twease () sourcefire com>
Date: Wed, 22 Aug 2007 17:30:03 -0400
In your snort.conf put the line: config interface: <iface> e.g. config interface: en1 For no promiscuous mode: config no_promisc As for emailing alerts, Snort has no built-in way to do this. syslog may have a way to do what you want. There are also other third party apps that may be able to do what you want, e.g. Base or Sguil. Todd Quantum Scientific wrote:
Eh, OK I will try it. But surely there's a way to modify the .config file to do this? I found no evidence of a Listen command, and ostensibly it is supposed to be listening to *all* interfacen... but it only listens to one. If I can't make it listen to the right interface without it going off-line, Snort is of no use. And is there a way to set 'no promisc' in .config? Is there a way to have Snort email me alerts? On Wednesday 22 August 2007, Jason wrote:You can tell snort to listen to your wireless interface by using "-i en1". Unfortunately this will likely take your wireless offline as every time I put my card promisc it jumps off the ap. IIRC even specifying no promisc has the same result. Quantum Scientific wrote:Hello Snorters, I've just managed to get Snort running, but when I start it I see that it starts on interface en0 (ethernet), rather than en1 (wifi). Ether net is not connected and wifi is my main interface. I've installed HenWen and changed some adjustments there, but they didn't take. Maybe because I don't know how to run it as Admin. Also I find no setting in snort.conf for which interface to listen on. There is a setting for local network, but I presume that's to tell it what traffic to ignore. How do I make it listen to an interface?
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Listening to Wrong Interface (OS X) Quantum Scientific (Aug 21)
- Re: Listening to Wrong Interface (OS X) Jason (Aug 22)
- Re: Listening to Wrong Interface (OS X) Quantum Scientific (Aug 22)
- Re: Listening to Wrong Interface (OS X) James Lay (Aug 22)
- Re: Listening to Wrong Interface (OS X) Quantum Scientific (Aug 22)
- Re: Listening to Wrong Interface (OS X) Quantum Scientific (Aug 22)
- Re: Listening to Wrong Interface (OS X) Jason (Aug 22)
- Re: [RGSPAM] Re: Listening to Wrong Interface (OS X) Todd Wease (Aug 22)
- Re: [RGSPAM] Re: Listening to Wrong Interface (OS X) Quantum Scientific (Aug 22)
- Re: Listening to Wrong Interface (OS X) Quantum Scientific (Aug 22)
- Re: Listening to Wrong Interface (OS X) Jason (Aug 22)