Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [RGSPAM] Re: Listening to Wrong Interface (OS X)

From: Quantum Scientific <Info () quantum-sci com>
Date: Wed, 22 Aug 2007 15:17:33 -0700

Nice, thanks Todd.

But if I can't use Snort without it taking down my wifi, I must set it aside.  Best idea I've heard so far is 
monitoring tun, but no idea how to forward packets there, and also it couldn't be promiscuous.


On Wednesday 22 August 2007, Todd Wease wrote:

In your snort.conf put the line:

config interface: <iface>

e.g.

config interface: en1


For no promiscuous mode:

config no_promisc


As for emailing alerts, Snort has no built-in way to do this.  syslog
may have a way to do what you want.  There are also other third party
apps that may be able to do what you want, e.g. Base or Sguil.


Todd



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: