Snort mailing list archives

RE: Can Snort monitor multiple VLANs?

From: "Peter Barton" <PBarton () iesi com>
Date: Tue, 5 Apr 2005 11:01:57 -0500

If you are having Snort log directly to MySql then the easiest way to do
it is to have multiple instances of Snort running, one for each
interface.

 

My question to everyone is, what if you use Barnyard to write to MySql
and have Snort just write to binary files.  I still have multiple
instances of Snort running, but I can only seem to get one instance of
Barnyard running.  Is there a trick to this or am I just going about
this the wrong way?

 

Thanks,

 

Peter Barton

 

 

________________________________

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Escudero,
Peter Louis
Sent: Tuesday, April 05, 2005 10:54 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Can Snort monitor multiple VLANs?

 

Our IDS box is a Dell PE750 running SuSE Linux 9.1 Pro & snort v2.1.x,
with a quad 10/100 NIC card. Three of the ports are hooked up to 3
different Cisco switches, representing 3 different VLANs. We're able to
capture alerts from one switch, but not from the others. Is snort able
to monitor different VLANs? Or do we need a separate IDS box for each
VLAN? Any info you can provide will be greatly appreciated.

 

Peter Escudero

Current thread:

Can Snort monitor multiple VLANs? Escudero, Peter Louis (Apr 05)
- <Possible follow-ups>
- RE: Can Snort monitor multiple VLANs? Peter Barton (Apr 05)
  - Running multiple Barnyards (was Re: Can Snort monitor multiple VLANs?) Andrew R. Baker (Apr 06)
- RE: Can Snort monitor multiple VLANs? Escudero, Peter Louis (Apr 05)
- RE: Can Snort monitor multiple VLANs? Basselgia, Barry A Mr (NAF Atsugi) (Apr 05)