Snort mailing list archives
Identifying monitoring interface w/snort and acidlab
From: cowboym () shmoo com
Date: Tue, 26 Aug 2003 12:13:45 -0800 (AKDT)
Hi Folks,

I'm using acidlab/mysql as a front-end for several snort sensors, some of which have dual interfaces. On these particular machines, interface eth0 is used by the sensor for sending alerts to the mysql database, and eth1 is attached to a span port on a switch, and does not have an IP address assigned to it.

When alerts from these dual-nic sensors are displayed in acidlab, they show up with a sensor address of "unknown:eth1:eth1". Does anyone have any ideas on how to change this to display the IP address of the configured interface (eth0) so I can identify which sensor is generating the alerts?

I'm not sure if the fix lies within the snort config, or within the acidlab setup, so I thought I'd ask here while digging through documentation as well.

Thanks in advance,

==================================================================
Mike Messick Dona nobis pacem rm -rf /bin/laden
PGP Key Fingerprint: email: cowboym () shmoo com
2048/0x57318496 053B 412B 82FC 3808 E141 CDCD 74AE 01C5 5731 8496
Current thread:
- Identifying monitoring interface w/snort and acidlab cowboym (Aug 27)
- Re: Identifying monitoring interface w/snort and acidlab Erek Adams (Aug 27)