Snort mailing list archives

RE: Multihomed Sensor

From: "DeBerry, Casey" <Casey.DeBerry () trizetto com>
Date: Wed, 28 Jan 2004 07:33:52 -0700

Configure each individual network card as you would a promiscuous sniffer..
 
ala `ifconfig ethx promisc up`
(Assuming linux here)
 
Then, for each different instance, you need to create a  startup script.  I
usually put things in /etc/init.d and link to relevant rc.  Best thing to do
is check in the "contrib" source directory for the S99snort script.  For
each interface, create a copy of the script.. ie:
S99snort-eth0
S99snort-eth1
S99snort-eth2
 
etc..
 
Just open each script and change the IFACE=ethx to match your interface.
You can also specify differenct conf files in there for each instance if you
so desire.
 
Cheers,
Casey

-----Original Message-----
From: mailing-list
[mailto:IMCEAEX-_O=HCC+20INSURANCE+20HOLDINGS+2C+20INC+2E_OU=HCC-HOUSTON_CN=
RECIPIENTS_CN=MAILING-LIST () USSIC com]
Sent: Saturday, January 24, 2004 12:13 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Multihomed Sensor



I currently have a Linux box with 4 NICs.  How do I configure it so that I
can monitor each NIC separately with its own conf file?  I have different
subnets that I want to monitor. 

Thanks in Advance!

Current thread:

Multihomed Sensor mailing-list (Jan 27)
- <Possible follow-ups>
- RE: Multihomed Sensor Kreimendahl, Chad J (Jan 28)
- RE: Multihomed Sensor Dean Davis (Jan 28)
- RE: Multihomed Sensor Kreimendahl, Chad J (Jan 28)
- RE: Multihomed Sensor DeBerry, Casey (Jan 28)
- RE: Multihomed Sensor mailing-list (Jan 31)