Re: 3 or 4 NICs in a sensor?

[Erek Adams <erek () theadamsfamily net>]

On Thu, 26 Sep 2002, Sheahan, Paul (PCLN-NW) wrote:

> I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2
> NICs (1 for management, one for the sniffer). My current sensor is not
> exposed to heavy traffic and I was considering adding more NICs to the box
> so I can have it monitoring other segments at the same time, rather than
> build more sensors. Is anyone out there running Snort on a box with say, 4
> NICs, where 3 of the NICs are each running their own Snort instance,
> monitoring different network segments? If traffic is light enough on each
> segment, it seems better not to waste extra hardware and build separate
> sensors.
>
> I wanted to get an idea if others are doing this, is it wise to do it, will
> it work etc?

Short answer:  Yes, do it.

Longer answer:  Works like a charm.  One other thing that you might want to
consider is to use a quad port card.  One slot, but 4 ports.  I'm not sure on
pricing, but the Sun QFE used to be around $1200.  I'm sure you can get one
cheaper than that.  I'm sure if you check websites you can find a good deal on
them...

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users