Snort mailing list archives
Couple of quick questions
From: Charles Lacroix <chuck () linuxquebec com>
Date: Tue, 23 Mar 2004 15:44:18 -0500
Hi there i am in process of implementing snort (on redhat linux) for monitoring some network activity, and i wanted to know something about network interfaces. in the init script, i see that it checks only for eth addr ---> cd /proc/sys/net/ipv4/conf; ls -d eth* ... what i want to monitor is the traffic going into other interfaces than eth* ... Here is where i want to be able to listen. in my cipe vpn interfaces ( cipcb* ) in my pptp vpn interfaces ( ppp* ) and also i noticed that my adsl connection ppp0 binded on eth0 So traffic comming from internet is not trigging any alerts nor creating $LOG/eth0 directory so basicly the question is : Is there was a reason for the init script to check only for eht* interfaces. While we are at it, can it listen to bonded interfaces like bond0 which joins a couple of interfaces together. By the way i use snort rpm and i repackage it to my needs. Thanks Charles ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Couple of quick questions Charles Lacroix (Mar 23)
- Re: Couple of quick questions Bennett Todd (Mar 23)
- Re: Couple of quick questions Jason Haar (Mar 23)
- Re: Couple of quick questions Charles Lacroix (Mar 24)
- Re: Couple of quick questions Jason Haar (Mar 23)
- Re: Couple of quick questions Bennett Todd (Mar 23)