Snort mailing list archives

RE: Multi-homed Sensor


From: "Jim Hendrick" <jrhendri () maine rr com>
Date: Thu, 29 Jan 2004 10:47:57 -0500

$ man snort
SNORT(8)                                                 SNORT(8)
 
NAME
       Snort - open source network intrusion detection system
 
SYNOPSIS
       snort  [-abCdDeINopqsvVxX?] [-A alert-mode ] [-c rules-file ] [-F bpf-file ] [-g grpname ]
       [-h home-net ] [-i interface ] [-l log-dir ] [-L bin-log-file ] [-M smb-hosts-file  ]  [-n
       packet-count  ]  [-r tcpdump-file ] [-S n=v ] [-t chroot_directory ] [-u usrname ] expression
 
so... use 4 instances of snort:
snort <other options> -c <rules file1> -i <interface1> -l <log dir1>
snort <other options> -c <rules file2> -i <interface2> -l <log dir2>
snort <other options> -c <rules file3> -i <interface3> -l <log dir3>
snort <other options> -c <rules file4> -i <interface4> -l <log dir4>
 
and note that the PID files will be in:
/var/run/snort_ethN.pid
where N is the interface number.
 
 
 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Enerio, Rico
Sent: Saturday, January 24, 2004 12:02 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Multi-homed Sensor



I currently have a Linux box with 4 NICs.  How do I configure it so that I
can monitor each NIC separately with its own conf file?  I have different
subnets that I want to monitor.

Thanks in Advance!
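
The per-interface setup described in the reply above, as an added example that is not part of either original message: one Snort instance per NIC plus a liveness check through the `/var/run/snort_ethN.pid` files. The `/etc/snort/snort_<iface>.conf` and `/var/log/snort/<iface>` layout and all function names are assumptions.

```shell
#!/bin/sh
# Added example: one Snort instance per interface, each with its own rules
# file and log directory, plus a liveness check through the PID files.
IFACES="${IFACES:-eth0 eth1 eth2 eth3}"
CONF_DIR="${CONF_DIR:-/etc/snort}"       # assumed: $CONF_DIR/snort_<iface>.conf
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"   # assumed: $LOG_ROOT/<iface>/
PID_DIR="${PID_DIR:-/var/run}"           # from the post: snort_ethN.pid

pidfile_for() { printf '%s/snort_%s.pid\n' "$PID_DIR" "$1"; }

# Print the command line for one interface (-D is daemon mode, per the synopsis).
snort_cmd() {
    printf 'snort -D -c %s/snort_%s.conf -i %s -l %s/%s\n' \
        "$CONF_DIR" "$1" "$1" "$LOG_ROOT" "$1"
}

# running = PID file names a live process; stale = PID file left behind by a
# dead process (that subnet is unmonitored); stopped = no PID file at all.
sensor_status() {
    pf=$(pidfile_for "$1")
    [ -f "$pf" ] || { echo stopped; return 0; }
    pid=$(cat "$pf")
    case "$pid" in ''|*[!0-9]*) echo stale; return 0 ;; esac
    if kill -0 "$pid" 2>/dev/null; then echo running; else echo stale; fi
}

start_sensor() {
    [ -r "$CONF_DIR/snort_$1.conf" ] || { echo "$1: missing rules file" >&2; return 1; }
    mkdir -p "$LOG_ROOT/$1" || return 1
    [ "$(sensor_status "$1")" = running ] && { echo "$1: already running"; return 0; }
    # Word splitting is intended here; the paths must not contain spaces.
    $(snort_cmd "$1")
}

case "${1:-}" in
    start)  for i in $IFACES; do start_sensor "$i"; done ;;
    status) for i in $IFACES; do echo "$i: $(sensor_status "$i")"; done ;;
esac
```

Run the status check as root: `kill -0` on a process owned by another user fails, which this script would report as stale.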



