Re: Multiple sensors?

[Erek Adams <erek () snort org>]

On Tue, 18 Mar 2003, Keg wrote:

> I have 8 segments to monitor, should I install 8 snort boxes or can I
> use 1 box with 8 NICs running 8 instances of snort on different interfaces?
> Thank you.

It depends.

Does your Snort box sit in the network in such a way that it can see all
the traffic?  If it's running Linux 2.4+ kernel simply use "-i any" to
snarf traffic from all the interfaces.  Otherwise, you could bridge, bond,
or trunk interfaces into one logical interface for sniffing.  How much
sustained traffic?  How much bursting traffic?  Tuned ruleset?

It's not an exact science.  It's more along the lines of Voodoo.  And see,
they said being from Louisiana woudln't be useful!  ;-)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: Does your code think in ink? 
You could win a Tablet PC. Get a free Tablet PC hat just for playing. 
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users