Snort mailing list archives
RE: Snort 1.9.1 Dual Sensor
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 12 Mar 2003 15:14:03 -0500
In that situation the FAQ is still applicable..The proper way to do multiple interfaces if "any" doesn't suit or is not an option on your OS is to run multiple snort instances.
AFKAIK there's no way to specify multiple interfaces to the pcap layer, so any "built in" support for multiple interfaces would be just as heavy-weight on your system as running multiple copies of snort because that's more-or-less what snort would wind up having to do internally. (some very limited resources sharing would be possible, but probably not enough to be worth the effort)
Since there'd be no significant performance advantage, and it would be hiding the heavy performance impact, I'd not expect to see this feature added to snort anytime soon, but I'm not a developer of snort, so don't quote me on it.
At 10:12 AM 3/12/2003 +0000, Grime, Richard S wrote:
Also, we run it using bonded interfaces, as the "any" isn't much good when there's a management interface you don't want to look at. -----Original Message----- From: Matt Kettler [mailto:mkettler () evi-inc com] Sent: 11 March 2003 23:05 To: ANTONIO GUTIERREZ; snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort 1.9.1 Dual Sensor This is FAQ number 3.4: http://www.snort.org/docs/faq.html#3.4 At 04:06 PM 3/11/2003 -0600, ANTONIO GUTIERREZ wrote: >Can Snort monitor or Collect data on two NICS? if so How?
-------------------------------------------------------This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.9.1 Dual Sensor ANTONIO GUTIERREZ (Mar 11)
- Re: Snort 1.9.1 Dual Sensor Matt Kettler (Mar 11)
- <Possible follow-ups>
- RE: Snort 1.9.1 Dual Sensor Grime, Richard S (Mar 12)
- re: Snort 1.9.1 Dual Sensor Michael J. McCasland (Mar 12)
- RE: Snort 1.9.1 Dual Sensor Matt Kettler (Mar 12)
- RE: Snort 1.9.1 Dual Sensor Grime, Richard S (Mar 13)
- Re: Snort 1.9.1 Dual Sensor Bennett Todd (Mar 13)
- RE: Snort 1.9.1 Dual Sensor Grime, Richard S (Mar 13)