Snort mailing list archives
RE: Very basic question
From: Tinsley Paul <Paul.Tinsley () HCAhealthcare com>
Date: Wed, 21 May 2003 13:26:19 -0500
/sbin/ifconfig eth1 promisc /usr/local/snort/bin/snort -D -o -b -i eth1 -c /usr/local/snort/etc/snort.conf -u snort -g snort -I -l /usr/local/snort/log -t /usr/local/snort Thats the way I do it, hope that helps. Flags from above: -o Change the rule testing order to Pass|Alert|Log -D Daemon -b log packets in tcpdump format (much faster) -u Run snort uid as <uname> user (or uid) after initialization -g Run snort gid as <gname> group (or gid) after initialization -I Add Interface name to alert output -l Log to directory -t Chroots process to <dir> after initialization -i ethernet interface -----Original Message----- From: Ryan Koster [mailto:ryank () osisonline net] Sent: Wednesday, May 21, 2003 12:55 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Very basic question Sorry for a basic question but I am new to all this. I am running Redhat 9 with two nics. I would like to set eth0 with no ip address but still be able to listen for IP traffic. Can someone please tell me how this is done? Thanks, Ryan ------------------------------------------------------- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Very basic question Ryan Koster (May 21)
- Re: Very basic question Demetri Mouratis (May 21)
- <Possible follow-ups>
- Re: Very basic question Matt Kettler (May 21)
- RE: Very basic question Tinsley Paul (May 21)