Snort mailing list archives
Re: Multiple sensors?
From: Erek Adams <erek () snort org>
Date: Tue, 18 Mar 2003 14:18:43 -0500 (EST)
On Tue, 18 Mar 2003, Keg wrote:
I have 8 segments to monitor, should I install 8 snort boxes or can I use 1 box with 8 NICs running 8 instances of snort on different interfaces? Thank you.
It depends. Does your Snort box sit in the network in such a way that it can see all the traffic? If it's running Linux 2.4+ kernel simply use "-i any" to snarf traffic from all the interfaces. Otherwise, you could bridge, bond, or trunk interfaces into one logical interface for sniffing. How much sustained traffic? How much bursting traffic? Tuned ruleset? It's not an exact science. It's more along the lines of Voodoo. And see, they said being from Louisiana woudln't be useful! ;-) Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple sensors? Keg (Mar 18)
- Re: Multiple sensors? Erek Adams (Mar 18)
- Re: Multiple sensors? Keg (Mar 18)
- Re: Multiple sensors? Erek Adams (Mar 18)