Snort mailing list archives
Re: Bonding or bridging two subnets
From: <barryab63-ia () yahoo com>
Date: Wed, 28 Dec 2005 04:06:00 -0800 (PST)
Robert, First, lets try to head something off before it gets started. It's not a good idea to post the same question twice, especially within minutes of each other. This is a free support and it can take time to get answers. Some people get very irritated about this. I don't think you'll want to bond or bridge the two interfaces in the case you describe. I think you'll want to run multiple instances of snort, one for each of the two interfaces you want to monitor. If you installed via RPM on SUSE I think you can do this by changing the settings in the /etc/sysconfig/snort file. You just tell it which interfaces you want snort to monitor and it pretty much takes care of everything for you. Barry ----- Original Message ---- From: R. Welz <welz () fixe-post de> To: snort-users () lists sourceforge net Sent: Wednesday, December 28, 2005 8:58:02 PM Subject: [Snort-users] Bonding or bridging two subnets Hello. I do my first steps with snort. I want to run snort on a router+firewall (SuSE Linux 10) to observe the traffic of my internal network and my DMZ. Internet is not considered beeing observed. I have three nics: 192.168.11.1 (==a) 192.168.12.1 (==b) internet.ip.nnn.nnn (not to be considered) So snort shall observe the traffic on a) and b). Shall I bond the two nics together to a virtual interface? Or shall I simply bridging here? Thanks for help, Robert ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bonding or bridging two subnets welz (Dec 28)
- <Possible follow-ups>
- Bonding or bridging two subnets R. Welz (Dec 28)
- Re: Bonding or bridging two subnets barryab63-ia (Dec 28)
- Re: Bonding or bridging two subnets barryab63-ia (Dec 28)
- Re: Bonding or bridging two subnets Robert Welz (Dec 28)