RE: Configure snort to use eth1

["James Lay" <jlay () slave-tothe-box net>]

Modify your /etc/init.d/snortd to reflect:

 

snort -i eth1 ..

 

James

 

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jim B
Sent: Tuesday, February 28, 2006 11:08 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Configure snort to use eth1

 

I believe the scipt being used is /etc/init.d/snortd, I did restart the
service with /etc/init.d/snortd restart.

 

I am running Red Hat Enterprise 4, I got the rpm from rpmfind.net, the rpm
is named            snort-2.3.3-1.2.el4.rf.i386.rpm
 

I installed the rpm with rpm -i  snort-2.3.3-1.2.el4.rf.i386.rpm
 

 

 

Jim

 

On 2/28/06, Patrick S. Harper <patrick () internetsecurityguru com> wrote: 

Are you sure that is the script used to launch snort?  Also, did you bounce
the service after you made the change?  A little more info like distro and 
install method would help too.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto: <mailto:snort-users-admin () lists sourceforge net>
snort-users-admin () lists sourceforge net] On Behalf Of Jim B
Sent: Tuesday, February 28, 2006 10:17 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Configure snort to use eth1 

I have changed the config in /etc/init.d/snortd to eth1 but when I run a "ps
aux grep snort" I still that eth0 is being used and if I grep eth in
/etc/snort/snort.conf there is no reference to use eth0 

I want to configure snort to pull traffic from both eth0 and eth1 but mostly
eth1.



Jim