Snort mailing list archives
Re: [Snorting 2 NICs]
From: Martin Forest <martin () forest gen nz>
Date: Wed, 12 Jun 2002 15:03:56 +1200
You probably want to use -i, -I is for "cosmetics". fron snort -h -i <if> Listen on interface <if> -I Add Interface name to alert output /Martin Forest Gregory D Hough wrote:
On June 11, 2002 12:11 am, K.S.NARAYANAN wrote:I haven't tweaked any rules thus far, since I get no alerts from the external interface yet.I do in this way without any problem :- * I have all my rules @ /etc/snort/rules .* I have 2 snort.conf files o /etc/snortint.conf ( with more local rules ) o /etc/snortext.conf ( with standard snort rules )OK, I did this......here is where the trouble begins. The -I switch will not work at all for either command:* A single snort binary & I call 2 instances of snort like this o Snort -c /etc/snortint.conf -I eth0 o Snort -c /etc/snortext.conf -I eth1]# snort -c /usr/local/etc/snort/snortext.conf -I eth1 Log directory = /var/log/snort <snip>
_______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [Snorting 2 NICs] Gregory D Hough (Jun 10)
- Re: [Snorting 2 NICs] Petr Ruzicka (Jun 10)
- <Possible follow-ups>
- RE: [Snorting 2 NICs] McCammon, Keith (Jun 10)
- RE: [Snorting 2 NICs] K.S.NARAYANAN (Jun 10)
- Re: [Snorting 2 NICs] Gregory D Hough (Jun 11)
- Re: [Snorting 2 NICs] Erek Adams (Jun 11)
- RE: [Snorting 2 NICs] K.S.NARAYANAN (Jun 11)
- Re: [Snorting 2 NICs] Martin Forest (Jun 13)
- RE: [Snorting 2 NICs] K.S.NARAYANAN (Jun 10)
- FW: [Snorting 2 NICs] McCammon, Keith (Jun 10)
- RE: [Snorting 2 NICs] COULOMBE, TROY (Jun 11)