flakzeus Apprentice
Joined: 26 May 2004 Posts: 157
Posted: Mon Jul 11, 2005 7:12 pm Post subject: Snort + Multiple Interfaces
Is it possible to run Snort on multiple interfaces without running it on all interfaces? I have 4 NICs and I need Snort to run on three out of the four.
I've tried snort -v -i eth0 -i eth1 but that doesn't seem to work as it gives me an error.
Thanks.
_________________
"I'm not a super genius...or are I?" - Homer Simpson

ter_roshak Apprentice
Joined: 31 Jan 2004 Posts: 171 Location: Everett, WA
Posted: Mon Jul 11, 2005 8:51 pm Post subject: Re: Snort + Multiple Interfaces
flakzeus wrote:
> Is it possible to run Snort on multiple interfaces without running it on all interfaces? I have 4 NICs and I need Snort to run on three out of the four.
> I've tried snort -v -i eth0 -i eth1 but that doesn't seem to work as it gives me an error.
> Thanks.

One way of doing this would be to run an instance of Snort for each interface that you want it to run on:
Code:
snort -v -i eth0 &
snort -v -i eth1 &

You may have some logging and configuration issues that you need to iron out, but you can then have separate logs for each interface.
_________________
Josh Miller -- RHCE, VCP
Ditree Consulting
http://ditree.com/
Registered Linux User #318200
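
Added example, not part of the original posts: one way to handle the per-interface logging mentioned in the reply above is to give every Snort instance its own log directory with `-l`. The helper names, the `DRY_RUN` switch and the default paths are assumptions for illustration; the flags are Snort 2.x command-line options.

```shell
#!/bin/sh
# One Snort process per monitored interface, each logging to its own directory.
# LOG_ROOT and CONF are assumed locations; adjust them to the local install.
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"
CONF="${CONF:-/etc/snort/snort.conf}"

# Accept only plain interface names so nothing else reaches the command line.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command line for one sensor: daemon mode (-D), one interface (-i),
# shared rule configuration (-c), per-interface log directory (-l).
snort_cmd() {
    valid_iface "$1" || return 1
    printf 'snort -D -i %s -c %s -l %s/%s\n' "$1" "$CONF" "$LOG_ROOT" "$1"
}

# Start one sensor per listed interface. With DRY_RUN=1 (the default) the
# commands are only printed so they can be reviewed first.
start_sensors() {
    rc=0
    for iface in "$@"; do
        cmd=$(snort_cmd "$iface") || {
            echo "skipping invalid interface name: $iface" >&2
            rc=1
            continue
        }
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            # $cmd is split on whitespace on purpose; paths must not contain spaces.
            mkdir -p "$LOG_ROOT/$iface" && $cmd || rc=1
        fi
    done
    return $rc
}

# Three of the four NICs, leaving the fourth unmonitored:
#   DRY_RUN=0 start_sensors eth0 eth1 eth2
```
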
flakzeus Apprentice
Joined: 26 May 2004 Posts: 157
Posted: Tue Jul 12, 2005 2:18 am Post subject:
Thank you for your response, but ideally I would like to be able to only have one instance.
_________________
"I'm not a super genius...or are I?" - Homer Simpson

Noyan Apprentice
Joined: 24 Mar 2005 Posts: 212
Posted: Tue Jul 12, 2005 9:49 am Post subject:
snort.conf
add second sensor...(interface)