Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Multi interface problem

From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Mon, 28 Feb 2005 11:51:37 +0000
--On 26 February 2005 10:26 +0100 Jose Maria Lopez Hernandez <jkerouac () bgsec com> wrote: 


El sáb, 26-02-2005 a las 14:49 +0800, abanger wu escribió:

snort  -i eth0 eth1 eth2 -c /etc/snort/snort.conf


You can't use this syntax, you can't use more than one
interface for the switch -i. If you are running Linux
you can use the interface "any" to ask snort to listen
on all interfaces.
Or, alternatively, bond them together, then use '-i bond0'. Jose's suggestion is best if you want to use different configurations for each instance of snort (and even better if you have multiple CPUs in your sensor host), using bonding is better if you're happy with a single configuration and you want better tracking of the state of connections. Swings n' roundabouts. 

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: