Snort mailing list archives

Re: dmz monitorin

From: Darren Spruell via Snort-users <snort-users () lists snort org>
Date: Sat, 22 Jul 2017 13:05:19 -0700

On Jul 22, 2017, at 6:44 AM, Cziple Csaba via Snort-users <snort-users () lists snort org> wrote:

Hi,

I m trying to monitor my dmz vlan with a dedicated snort host. My question is should i use a mirrored port ? Or the 
ids works if the host is part of that particular vlan.


Membership in a VLAN will not cause a host to receive all traffic for a VLAN. If you want that, you will need to 
configure a port mirror for the VLAN. Depending on your configuration and feature set of switch you could also 
monitor/mirror the uplink port for the VLAN for inbound/outbound traffic for VLAN. 

- Darren

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

dmz monitorin Cziple Csaba via Snort-users (Jul 22)
- Re: dmz monitorin Alberto Colosi via Snort-users (Jul 22)
- Re: dmz monitorin Darren Spruell via Snort-users (Jul 22)