Snort mailing list archives

Running two snort in IPS and IDS mode

From: Forensix Land <forensixland () gmail com>
Date: Mon, 24 Apr 2017 00:55:39 -0400

Hi,

We would like to run multiple snort instances in one box. One instance runs in IPS mode say eth1:eth2 against some ips 
rules only. Other instances run in IDS mode against vrt or et rules on eth2. 

Anybody sees any issues with the setup?
We plan to use connectivity-ips drop rules. Any recommendations on what ips rule family to use?

Thanks in advance!

FL

Sent from my iPhone
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Running two snort in IPS and IDS mode Forensix Land (Apr 23)