Multiple IF

["Andrew Stubbs" <andrews () stusoft com>]

I have tried setting snort to run on multiple interfaces in 2 ways

1) Using multiple address/masks (implicit ip HOME_NET [xxx.xxx.xxx.xxx/32,yyyy.yyyy.yyyy.yyyy/32]
2) Using seperate instances of snort with diff config files.

Also tried using HOME_NET [$eth0_ADDRESS,$eth1_ADDRESS] produces an error
(snort: [!] ERROR /etc/snort/rules/snort2.conf (40): Bad value in variable definition! 
 snort: FATAL ERROR:        Make sure you don't have a "$" in the var name )

In either event the second i/f never goes into promisc mode and thus no packets logged.

Running: Linux 2.4.2., latest libpcap etc, Snort Version 1.8.1-beta7.
Dual nic (3c59x)


Ideas anyone ?

Andrew