Snort mailing list archives
RE: 3 or 4 NICs in a sensor?
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Fri, 27 Sep 2002 13:21:34 -0400
Thanks for the info. I clicked your link below, but it appears to be in another language. Do you have an english version of the HOWTO you are referring to? Thanks -----Original Message----- From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com] Sent: Friday, September 27, 2002 2:03 AM To: 'Sheahan, Paul (PCLN-NW)'; Snort List (E-mail) Subject: AW: [Snort-users] 3 or 4 NICs in a sensor? Paul, I'm running a 6 NIC RH 7.2 box with 5 snort instances listening on 5 NICs (3x 100Mb/s, 2x 10Mb/s, not highly saturated). Works like a charm (ok, traffic has been rising over the month and snort reports some packet drops on 2 interfaces with values about 0.0xx%). Tuning should help to get back to 0.000% You might take a look on my HOWTO at http://www.lug-burghausen.org/projects/index.html#snort-stat where I described such a configuration. HTH, Sandro
Hello, I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2 NICs (1 for management, one for the sniffer). My current sensor is not exposed to heavy traffic and I was considering adding more NICs to the box so I can have it monitoring other segments at the same time, rather than build more sensors. Is anyone out there running Snort on a box with say, 4 NICs, where 3 of the NICs are each running their own Snort instance, monitoring different network segments? If traffic is light enough on each segment, it seems better not to waste extra hardware and build separate sensors. I wanted to get an idea if others are doing this, is it wise to do it, will it work etc? Thanks! Paul ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- 3 or 4 NICs in a sensor? Sheahan, Paul (PCLN-NW) (Sep 26)
- Re: 3 or 4 NICs in a sensor? Mike McCabe (Sep 27)
- Re: 3 or 4 NICs in a sensor? Erek Adams (Sep 27)
- Re: 3 or 4 NICs in a sensor? Ben Feinstein (Sep 27)
- <Possible follow-ups>
- RE: 3 or 4 NICs in a sensor? Sheahan, Paul (PCLN-NW) (Sep 27)