Snort mailing list archives
config binding config questions
From: Evan Rinaldo <evanrin () gmail com>
Date: Fri, 26 Jul 2013 13:04:55 -0500
We have 2 sniffing interfaces: one for our LAN and the other for our DMZ subnet. I would like to utilize config binding instead of starting two separate instances of snort. Logically, I would also like to refrain from bonding the interfaces. I have a few questions about the configuration.

So if I set up the subnets in the snort.conf file:

    config binding: /etc/snort/snort-LAN.conf net 192.168.0.0/24
    config binding: /etc/snort/snort-DMZ.conf net 172.16.0.0/21

I understand that /etc/snort/snort.conf is the catch-all configuration, and that the subsequent .conf files are where I can specify separate variables, rules, preprocessors, etc.

Is it best to keep the default HOME_NET as any in the catch-all snort.conf?

Would I specify config logdir in each separate .conf file, or is it best to do this via -l when we run our snort command? We would like them to log to their own log file.

What about if we run snort in daemon mode? The manpage states alerts are sent to /var/log/snort/alert unless otherwise specified. With the config binding in place, will it then log to whatever is set in config logdir? Will it still use the default? Or will it use the info in snort.conf?

This is my first attempt at this, so if anyone is running snort in this config, I would very much like to see an example snort.conf and the other .conf files specified in config binding.

Thanks in advance.