Snort mailing list archives

RE: Very basic question


From: Tinsley Paul <Paul.Tinsley () HCAhealthcare com>
Date: Wed, 21 May 2003 13:26:19 -0500

/sbin/ifconfig eth1 promisc
/usr/local/snort/bin/snort -D -o -b -i eth1 \
    -c /usr/local/snort/etc/snort.conf -u snort -g snort -I \
    -l /usr/local/snort/log -t /usr/local/snort

That's the way I do it, hope that helps.

Flags from above:

-o Change the rule testing order to Pass|Alert|Log
-D Daemon
-b log packets in tcpdump format (much faster)
-u Run snort uid as <uname> user (or uid) after initialization
-g Run snort gid as <gname> group (or gid) after initialization
-I Add Interface name to alert output
-l Log to directory
-t Chroots process to <dir> after initialization
-i ethernet interface

-----Original Message-----
From: Ryan Koster [mailto:ryank () osisonline net]
Sent: Wednesday, May 21, 2003 12:55 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Very basic question


Sorry for a basic question but I am new to all this.  I am running Redhat 9
with two nics.  I would like to set eth0 with no ip address but still be
able to listen for IP traffic.  Can someone please tell me how this is done?

 
Thanks,
Ryan
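
Added example, not part of the original posts: a shell check that a sensor interface is up, promiscuous and has no IPv4 address, which is the state the question asks for. It reads `ifconfig` output on stdin; the function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `/sbin/ifconfig <iface>` output
# on stdin. Returns 0 if the interface is up, promiscuous and has no IPv4
# address; otherwise prints each reason and returns 1.
check_sniff_iface() {
    out=$(cat)
    rc=0
    # Flags appear as "UP BROADCAST RUNNING PROMISC" (old net-tools layout)
    # or "flags=4419<UP,BROADCAST,RUNNING,PROMISC>" (newer layout).
    printf '%s\n' "$out" | grep -Eq '(^|[ <,])UP([ ,>]|$)' ||
        { echo "interface is not up"; rc=1; }
    printf '%s\n' "$out" | grep -Eq '(^|[ <,])PROMISC([ ,>]|$)' ||
        { echo "promiscuous mode is off"; rc=1; }
    # IPv4 shows as "inet addr:A.B.C.D" or "inet A.B.C.D"; "inet6" lines
    # do not match because of the space required after "inet".
    if printf '%s\n' "$out" | grep -Eq '^[[:space:]]+inet (addr:)?[0-9]'; then
        echo "interface has an IPv4 address"; rc=1
    fi
    return $rc
}

# Constructed sample: sensor NIC with no address, promiscuous.
sample_stealth() {
cat <<'EOF'
eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1204 errors:0 dropped:0 overruns:0 frame:0
EOF
}

# Constructed sample: addressed management NIC, not promiscuous.
sample_addressed() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

sample_stealth | check_sniff_iface && echo "eth1 sample: ok"
sample_addressed | check_sniff_iface || echo "eth1 check would fail on this output"
```

On a live sensor the same function can be fed directly: `/sbin/ifconfig eth1 | check_sniff_iface`.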

