RE: Snort-users digest, Vol 1 #2311 - 12 msgs

["Vieth, Scott" <svieth () mail mcw edu>]

Paul:

I've also got a DL360 G2 running RH7.3 and Snort.  Two 1.4GHz CPUs.  I have
three interfaces active right now (one for management, one for a high-volume
SPAN, one for a low-volume SPAN).  Snort runs just fine.  SnortSnarf is the
biggest pig (pun intended) on my box right now.  Per your suggestion, I'm
going to try snort_stat instead of SnortSnarf to parse the alert file.

-Scott

> Hello,
>
> I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2
> NICs (1 for management, one for the sniffer). My current sensor is not
> exposed to heavy traffic and I was considering adding more NICs to the box
> so I can have it monitoring other segments at the same time, rather than
> build more sensors. Is anyone out there running Snort on a box with say, 4
> NICs, where 3 of the NICs are each running their own Snort instance,
> monitoring different network segments? If traffic is light enough on each
> segment, it seems better not to waste extra hardware and build separate
> sensors. 
>
> I wanted to get an idea if others are doing this, is it wise to do it, will
> it work etc?


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users