RE: snort newbie help

[Jose Maria Lopez Hernandez <jkerouac () bgsec com>]

El lun, 28-02-2005 a las 16:45 -0500, Guillermo Padilla escribió:
> Regarding the bonding.. yes the bonding suggestion worked.  But will this work fine.. if I connect each sensor to 
> lets say a different hub on my network?  I need to sniff out different types of traffic, will snort be able to give 
> me all this info when snort is just running one instance with the bonding suggestion?
>
> Thx
> -guillermo

I think you have to check it by yourself. It depends enormously on
what you really want to do. The channel bonding method aggregates all
the traffic, so you have all the traffic from the hubs merged. If you
need to know what traffic it's originated on each network you will need
to use one instance of snort with it's own configuration for each
interface or hub you are using.

Regards.

-- 

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users