Snort mailing list archives
Re: 3 or 4 NICs in a sensor?
From: "Mike McCabe" <mike () whiskerdreams net>
Date: Fri, 27 Sep 2002 08:12:31 -0400
I run three instances of snort on one box. I use three different command lines to run on eth1, eth2 and eth3... Ethernet 4 is my management port. So I have 4 NICs in the box and all runs just fine.

My only problem seems to be that when I get a lot of alerts in the MySQL database, cleaning them up takes the system to 100% CPU utilization, and ACID times out. I am beginning to look for possibly some other boxes to run the sensors on and have 1 box just for the MySQL and ACID interfaces.

Mike

----- Original Message -----
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
To: "Snort List (E-mail)" <snort-users () lists sourceforge net>
Sent: Thursday, September 26, 2002 6:18 PM
Subject: [Snort-users] 3 or 4 NICs in a sensor?

Hello,

I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2 NICs (1 for management, one for the sniffer). My current sensor is not exposed to heavy traffic and I was considering adding more NICs to the box so I can have it monitoring other segments at the same time, rather than build more sensors.

Is anyone out there running Snort on a box with say, 4 NICs, where 3 of the NICs are each running their own Snort instance, monitoring different network segments? If traffic is light enough on each segment, it seems better not to waste extra hardware and build separate sensors. I wanted to get an idea if others are doing this, is it wise to do it, will it work, etc.?

Thanks!
Paul

-------------------------------------------------------
This sf.net email is sponsored by: ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- 3 or 4 NICs in a sensor? Sheahan, Paul (PCLN-NW) (Sep 26)
- Re: 3 or 4 NICs in a sensor? Mike McCabe (Sep 27)
- Re: 3 or 4 NICs in a sensor? Erek Adams (Sep 27)
- Re: 3 or 4 NICs in a sensor? Ben Feinstein (Sep 27)
- <Possible follow-ups>
- RE: 3 or 4 NICs in a sensor? Sheahan, Paul (PCLN-NW) (Sep 27)