Snort mailing list archives

AW: Starter Doubts

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 22 May 2003 16:10:31 +0200

Hi Marcelo,
 
Of course this is possible, but your machine has to be well equiped if the
lines are saturated (watch the dropped packet statistics). Simply create
your snort.conf (or a snort.conf for each interface) and start an own snort
instance per interface. I described a setup in my howto at
http://www.lug-burghausen.org/dienste/projekte.html#snort
<http://www.lug-burghausen.org/dienste/projekte.html#snort>  (although the
frontpage is german the howto is english ;). It also contains a snortd
startup script for that environment except that it has not yet the
"multi-snort.conf" feature, but this shouldn't be too hard to implement.
 
BTW, all said has been proofed to work with linux, never tried another OS,
but *bsd should do the trick as well ;)
 
HTH,
Sandro



Dear Snort Users,

My Name is Marcelo. I'm new on SNort and i'm developing my IDS project based
on Snort.
 
 My question is: May i use a snort sensor computer to sniff more than one
network (with 3 or more nics, per exemple)?
 
 
 
 
Thanks for help.
 
 
Marcelo Ribeiro.

Current thread:

AW: Starter Doubts Poppi, Sandro (May 22)