RE: Multi interface problem

["Lodin, Steven" <steven.lodin () roche com>]

Ah, great info. I was just thinking about this.  I haven't had time to try it yet and am not physically near my console 
so I have one question for both the "any" and "-i bond0" solutions:

- Does the image size of snort increase when you increase the number of interfaces being snorted?

I have a low-memory system monitoring a low-bandwidth home environment and I would not like to see the amount of memory 
consumed by snort double/triple/quadruple based on snorting 2/3/4 interfaces simultaneously.

Thanks,

Steve


> > El sáb, 26-02-2005 a las 14:49 +0800, abanger wu escribió:
> > > snort  -i eth0 eth1 eth2 -c /etc/snort/snort.conf
> >
> > You can't use this syntax, you can't use more than one
> > interface for the switch -i. If you are running Linux
> > you can use the interface "any" to ask snort to listen
> > on all interfaces.
>
> Or, alternatively, bond them together, then use '-i bond0'. Jose's 
> suggestion is best if you want to use different 
> configurations for each 
> instance of snort (and even better if you have multiple CPUs 
> in your sensor 
> host), using bonding is better if you're happy with a single 
> configuration 
> and you want better tracking of the state of connections. Swings n' 
> roundabouts.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users