Snort mailing list archives
RE: Multihomed Sensor
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Wed, 28 Jan 2004 10:01:00 -0600
A possible solution to this is to enable polling on your network devices. Depending on what OS you use, this can be easy or potentially difficult. If it's FreeBSD 4.8 and above or Solaris 8 or above... I have some config stuff that may help you out.

-----Original Message-----
From: Dean Davis [mailto:Dean.Davis () mbg-inc com]
Sent: Wednesday, January 28, 2004 9:52 AM
To: Kreimendahl, Chad J; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Multihomed Sensor

Also: Ensure that you have enough CPU power to handle the added load of running 4 instances of Snort. In my environment, I have 4 interfaces, but reserve 1 exclusively for management because oft-times, I've been unable to even SSH into the interface that Snort is running on.

Thanks,
Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
Sr. Network Engineer
MBG, Inc.
370 Lexington Avenue
New York, NY 10017
P. 212.822.4429
F. 212.822.4499
http://www.mbg-inc.com

-----Original Message-----
From: Kreimendahl, Chad J [mailto:Chad.Kreimendahl () umb com]
Sent: Wednesday, January 28, 2004 10:34 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Multihomed Sensor

You'll have to run a unique instance of snort for each interface...

-----Original Message-----
From: mailing-list [mailto:IMCEAEX-_O=HCC+20INSURANCE+20HOLDINGS+2C+20INC+2E_OU=HCC-HOUSTON _CN=RECIPIENTS_CN=MAILING-LIST () USSIC com]
Sent: Saturday, January 24, 2004 1:13 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Multihomed Sensor

I currently have a Linux box with 4 NICs. How do I configure it so that I can monitor each NIC separately with its own conf file? I have different subnets that I want to monitor.

Thanks in Advance!
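
The one-instance-per-interface setup described in this thread, sketched as an added example that is not part of the original messages. The interface names, the /etc/snort/<iface>.conf and /var/log/snort/<iface> layout, and the choice of eth0 as the reserved management NIC are assumptions; it only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the thread): one Snort instance per sniffing NIC,
# each with its own conf file and log directory.
# Assumed layout: $CONF_DIR/<iface>.conf and $LOG_DIR/<iface>/; eth0 is assumed
# to be the management NIC and is left out of SNIFF_IFACES on purpose.
CONF_DIR="${CONF_DIR:-/etc/snort}"
LOG_DIR="${LOG_DIR:-/var/log/snort}"
SNIFF_IFACES="${SNIFF_IFACES:-eth1 eth2 eth3}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = launch them

# Print the daemon command line for one interface.
snort_cmd() {
    printf 'snort -D -i %s -c %s/%s.conf -l %s/%s\n' \
        "$1" "$CONF_DIR" "$1" "$LOG_DIR" "$1"
}

# Walk the sniffing interfaces; skip any without a readable conf file.
start_all() {
    for ifc in $SNIFF_IFACES; do
        conf="$CONF_DIR/$ifc.conf"
        if [ ! -r "$conf" ]; then
            echo "skip $ifc: $conf not readable" >&2
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            snort_cmd "$ifc"
            continue
        fi
        mkdir -p "$LOG_DIR/$ifc"
        # -T parses the config and exits; refuse to daemonize a broken one.
        if ! snort -T -i "$ifc" -c "$conf" -l "$LOG_DIR/$ifc" >/dev/null 2>&1; then
            echo "skip $ifc: $conf failed snort -T" >&2
            continue
        fi
        snort -D -i "$ifc" -c "$conf" -l "$LOG_DIR/$ifc"
    done
}

start_all
```

Separate log directories keep the alert files of the instances from interleaving, so each subnet's alerts can be reviewed on their own.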