Re: /etc/init.d/snort file, Snort 1.9.1

[Erek Adams <erek () snort org>]

On Mon, 7 Apr 2003 Elvira_Byrnes () mobileinnovations com au wrote:

> I am going through the installation of snort according to the manual created
> by Patrick Harper. This manual has the text of the snort file by Lukasz
> Szmit.
>
> I am wondering if anybody would be able to help me. I would like to run 3
> instances of snort on 3 interfaces - border, dmz and lan. How would I change
> this file around to reflect that? I created 3 mysql databases and I have 3
> snort.conf files. I will have 4 nics, 3 for snort and 1 for connection.

You don't need three databases.  You just need three .conf files.  On your
db output line, set your sensorname to 'dmz', 'border', or 'lan' as you
need.  Have a look at the DB output docs [0].

Then just change your HOME_NET to reflect each different network.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.8



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users