AW: [Snorting 2 NICs]

["Poppi, Sandro" <Sandro.Poppi () wacker com>]

[snip]
> From man snort:

       -i interface
              Sniff packets on interface.

       -I     Print out the receiving interface name in alerts.

> I am going to let it run like this for a day or so and see 
> what it does. I 
> still do not think any alerts will come from the external snort.
>
> One thing I should mention is that being sort of a newbie, I 
> am trying to 
> administer most servers /etc from the Webmin GUI. Don't 
> laugh, it is a good 
> learning tool. I am comfortable at the command line however. 
> The Webmin tool 
> only allows me to set up a single interface. So I use it for 
> the internal and 
> fire up the external via the shell. Just out of curiosity, is 
> it possible to 
> initialize both interfaces with a single command? For 
> example, Sandro offered 
> a snort.multi script, but it was way out of my league.

Well, ok, if you are not interested in using swatch you can delete all the
swatch lines in my snort.multi script.

The only thing you have to do then is to set the variable INTERFACE to hold
all your "snortable" interfaces like in

INTERFACE="eth0 eth1 eth2"

BUT: My script is not yet set up to work with different configs for each
snort instance, although I think this will be changed in a future version.

So you're still on your own if that's what you require ;(

So long,
Sandro

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users