Snort mailing list archives
Re: router installation?
From: Jason <security () brvenik com>
Date: Sun, 03 Oct 2004 19:08:10 -0400
There is no technical limitation to doing this, some even use snort-inline behind the firewall. Using a single homenet in -h is different than using a $HOME_NET for rules tuning. -h is for log directory creation and is likely not what you want. You should use a binary logging format like unified output and then have the logs post processed with something like barnyard. $HOME_NET is for easier rule tuning and supports multiple networks.
Once you have logging figured out you have many options on how to actually configure Snort. You can run multiple instances or have Snort monitor the virtual interface "any". If this were not a firewall then interface bonding might be appropriate to enable selective interface monitoring with a single instance of Snort.
I would suggest that if you are running on the firewall you either use a separate process for each interface and tune each ruleset appropriately or exploring running snort in inline mode.
Magnus Ternström wrote:
Hi,I'm thinking about giving the pig a try on my firewalls but i need to knowif snort supports running on a linux router with multiple NIC's. One has 5 networks in production enviroment.Why im asking is that all the guides tell me to specify _one_ "home net"with -h switch.Any hints and ideas are welcome. Kind regards,Magnus - Snort newbie
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- router installation? Magnus Ternström (Oct 03)
- Re: router installation? Jason (Oct 03)
- Re: router installation? Jason Haar (Oct 04)
- Re: router installation? Jason (Oct 04)
- Re: router installation? Alex Butcher, ISC/ISYS (Oct 05)
- Re: router installation? Jason Haar (Oct 04)
- Re: router installation? Jose Maria Lopez (Oct 04)
- Re: router installation? Jason (Oct 03)