Snort mailing list archives

re: Snort 1.9.1 Dual Sensor


From: "Michael J. McCasland" <mjm () nycap rr com>
Date: Tue, 11 Mar 2003 21:24:09 -0500

Setting up snort on two nics is rather simple:
For example:
snort -i eth1 -c /etc/snort/rules1/snort.conf
snort -i eth2 -c /etc/snort/rules2/snort.conf

You also do not need to bind any IP address to the NICs used for snorting.

Keep your snort.conf files and all related rules separate.
You can modify the snortd startup script to do the same. I currently run snort at many sites using up to three sensors on a box watching different segments with tailored-to-fit rules and an additional NIC set up with an IP. IDSpolicymgr is a great help in maintaining many sensors.
I also log to Postgres and use ACID for data analysis.

-mike mccasland
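
The setup described in the message above, sketched as a startup wrapper. This is an added example, not part of the original post and not the snortd script itself. The -D (daemon) and -l (log directory) options, the per-interface log directories, the ip(8) calls and the SENSORS, LOG_ROOT and DRY_RUN names are assumptions of this example.

```sh
#!/bin/sh
# Added example: one Snort process per sniffing NIC, each with its own config
# and log directory. SENSORS, LOG_ROOT and DRY_RUN are names assumed here.

# "interface:config" pairs, one per monitored segment (paths as in the post).
SENSORS="${SENSORS:-eth1:/etc/snort/rules1/snort.conf eth2:/etc/snort/rules2/snort.conf}"
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"  # assumed; sensor logs go to $LOG_ROOT/<iface>
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands, start nothing

# Print the snort command line for one "iface:conf" pair.
sensor_cmd() {
    printf 'snort -D -i %s -c %s -l %s/%s\n' "${1%%:*}" "${1#*:}" "$LOG_ROOT" "${1%%:*}"
}

# Succeed only if no interface and no config file is listed twice.
check_unique() {
    dup_if=$(for s in $SENSORS; do echo "${s%%:*}"; done | sort | uniq -d)
    dup_cf=$(for s in $SENSORS; do echo "${s#*:}"; done | sort | uniq -d)
    [ -z "$dup_if" ] && [ -z "$dup_cf" ]
}

# Succeed if the interface has no IPv4 address bound to it.
has_no_ip() {
    [ -z "$(ip -4 -o addr show dev "$1" 2>/dev/null)" ]
}

start_sensors() {
    check_unique || { echo "duplicate interface or config in SENSORS" >&2; return 1; }
    for s in $SENSORS; do
        iface=${s%%:*}; conf=${s#*:}
        if [ "$DRY_RUN" = 1 ]; then sensor_cmd "$s"; continue; fi
        [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
        has_no_ip "$iface" || echo "warning: $iface has an IP address" >&2
        mkdir -p "$LOG_ROOT/$iface"
        ip link set dev "$iface" up      # link up, no address assigned
        snort -D -i "$iface" -c "$conf" -l "$LOG_ROOT/$iface"
    done
}

start_sensors
```

With DRY_RUN=1 (the default here) the script only prints the two command lines; set DRY_RUN=0 to bring the interfaces up and start the sensors.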



