Snort mailing list archives
RE: Multi-homed Sensor
From: "Jim Hendrick" <jrhendri () maine rr com>
Date: Thu, 29 Jan 2004 10:47:57 -0500
$ man snort

    SNORT(8)                                                    SNORT(8)

    NAME
           Snort - open source network intrusion detection system

    SYNOPSIS
           snort [-abCdDeINopqsvVxX?] [-A alert-mode ] [-c rules-file ]
           [-F bpf-file ] [-g grpname ] [-h home-net ] [-i interface ]
           [-l log-dir ] [-L bin-log-file ] [-M smb-hosts-file ]
           [-n packet-count ] [-r tcpdump-file ] [-S n=v ]
           [-t chroot_directory ] [-u usrname ] expression

so... use 4 instances of snort:

    snort <other options> -c <rules file1> -i <interface1> -l <log dir1>
    snort <other options> -c <rules file2> -i <interface2> -l <log dir2>
    snort <other options> -c <rules file3> -i <interface3> -l <log dir3>
    snort <other options> -c <rules file4> -i <interface4> -l <log dir4>

and note that the PID files will be in:

    /var/run/snort_ethN.pid

where N is the interface number.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Enerio, Rico
Sent: Saturday, January 24, 2004 12:02 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Multi-homed Sensor

I currently have a Linux box with 4 NICs. How do I configure it so that I can monitor each NIC separately with its own conf file? I have different subnets that I want to monitor.

Thanks in Advance!
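The one-process-per-interface approach from the reply above, wrapped in a small shell script; this is an added example, not part of the original thread or of the Snort distribution. The config layout (`$CONF_DIR/<iface>.conf`), the log root and the interface names are assumptions, while the options and the PID file path are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example: one Snort process per monitored interface.
# Assumed layout (not from the post): $CONF_DIR/<iface>.conf and $LOG_ROOT/<iface>/.
CONF_DIR="${CONF_DIR:-/etc/snort}"
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"
PID_DIR="${PID_DIR:-/var/run}"      # holds snort_<iface>.pid, as the reply notes
INTERFACES="${INTERFACES:-eth0 eth1 eth2 eth3}"

# sensor MODE IFACE: print, or start, the command line for one interface.
# -D (daemon), -c, -i and -l all appear in the synopsis quoted above.
sensor() {
    mode=$1 ifc=$2
    set -- snort -D -c "$CONF_DIR/$ifc.conf" -i "$ifc" -l "$LOG_ROOT/$ifc"
    if [ "$mode" = print ]; then
        echo "$*"
        return 0
    fi
    # Refuse to start an instance that lacks its own rules file.
    [ -r "$CONF_DIR/$ifc.conf" ] || { echo "$ifc: no readable config" >&2; return 1; }
    mkdir -p "$LOG_ROOT/$ifc" && "$@"
}

# sensor_up IFACE: true if the PID file exists and names a live process.
# kill -0 only probes the process; run as root or as the Snort user.
sensor_up() {
    pidfile="$PID_DIR/snort_$1.pid"
    [ -r "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}

# all_sensors MODE: apply print/start/status to every interface and
# return the number of interfaces that failed.
all_sensors() {
    failed=0
    for i in $INTERFACES; do
        case $1 in
            print|start) sensor "$1" "$i" || failed=$((failed + 1)) ;;
            status) if sensor_up "$i"; then echo "$i up"
                    else echo "$i DOWN"; failed=$((failed + 1)); fi ;;
            *) echo "usage: $0 [print|start|status]" >&2; return 64 ;;
        esac
    done
    return "$failed"
}

# Default action is a dry run that only prints the command lines.
all_sensors "${1:-print}" || echo "$? interface(s) need attention" >&2
```

Running it with `status` from cron gives a cheap check that no interface has silently lost its sensor.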