Snort mailing list archives
AW: Starter Doubts
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 22 May 2003 16:10:31 +0200
Hi Marcelo, Of course this is possible, but your machine has to be well equiped if the lines are saturated (watch the dropped packet statistics). Simply create your snort.conf (or a snort.conf for each interface) and start an own snort instance per interface. I described a setup in my howto at http://www.lug-burghausen.org/dienste/projekte.html#snort <http://www.lug-burghausen.org/dienste/projekte.html#snort> (although the frontpage is german the howto is english ;). It also contains a snortd startup script for that environment except that it has not yet the "multi-snort.conf" feature, but this shouldn't be too hard to implement. BTW, all said has been proofed to work with linux, never tried another OS, but *bsd should do the trick as well ;) HTH, Sandro Dear Snort Users, My Name is Marcelo. I'm new on SNort and i'm developing my IDS project based on Snort. My question is: May i use a snort sensor computer to sniff more than one network (with 3 or more nics, per exemple)? Thanks for help. Marcelo Ribeiro.
Current thread:
- AW: Starter Doubts Poppi, Sandro (May 22)