Snort mailing list archives
multiple stealth interfaces on one box
From: "mackan mackna" <mackanspel () hotmail com>
Date: Wed, 24 Jul 2002 09:53:17 +0000
Hi all, ****my setup**** red hat 7.3 (2.4.18 kernel) with 6 NICs, snort-1.8.7, acid ****problem****I want to monitor several segments (intermal LAN, DMZ, outside FW etc) on the computer.
I start up several instances of snort with different configs (snort -i eth1 -c snort1.conf, snort -i eth2 -c snort2.conf, etc)
What I want is a gui that can modify the rules for each interface. I've tried webmin and activeworx. But they only recognise one sensor, probably because I only have one mgmt interface (one ip-adress).
Can this be done? Or do I need one mgmt ipadress per sensor? What if i use three NICs for mgmt each with an individual ip, and three for sensors, how do i get snort to know which mgmt NIC belongs to which sensor NIC?
Another question: how can I separate alerts based on vlan tag (802.1q) in ACID?
Thanks in advance //Marcus _________________________________________________________________På MSN hittar du det roliga, intressanta och användbara på internet: http://www.msn.se
-------------------------------------------------------This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- multiple stealth interfaces on one box mackan mackna (Jul 24)