multiple stealth interfaces on one box

["mackan mackna" <mackanspel () hotmail com>]

Hi all,

****my setup****

red hat 7.3 (2.4.18 kernel) with 6 NICs, snort-1.8.7, acid

****problem****

I want to monitor several segments (intermal LAN, DMZ, outside FW etc) on 
the computer.

I start up several instances of snort with different configs (snort -i eth1 
-c snort1.conf, snort -i eth2 -c snort2.conf, etc)

What I want is a gui that can modify the rules for each interface. I've 
tried webmin and activeworx. But they only recognise one sensor, probably 
because I only have one mgmt interface (one ip-adress).

Can this be done? Or do I need one mgmt ipadress per sensor? What if i use 
three NICs for mgmt each with an individual ip, and three for sensors, how 
do i get snort to know which mgmt NIC belongs to which sensor NIC?

Another question: how can I separate alerts based on vlan tag (802.1q) in 
ACID?

Thanks in advance

//Marcus





_________________________________________________________________
På MSN hittar du det roliga, intressanta och användbara på internet: 
http://www.msn.se



-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing 
real-time communications platform! Don't just IM. Build it in! 
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users