Snort mailing list archives
Re: dmz monitorin
From: Darren Spruell via Snort-users <snort-users () lists snort org>
Date: Sat, 22 Jul 2017 13:05:19 -0700
On Jul 22, 2017, at 6:44 AM, Cziple Csaba via Snort-users <snort-users () lists snort org> wrote: Hi, I m trying to monitor my dmz vlan with a dedicated snort host. My question is should i use a mirrored port ? Or the ids works if the host is part of that particular vlan.
Membership in a VLAN will not cause a host to receive all traffic for a VLAN. If you want that, you will need to configure a port mirror for the VLAN. Depending on your configuration and feature set of switch you could also monitor/mirror the uplink port for the VLAN for inbound/outbound traffic for VLAN. - Darren
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- dmz monitorin Cziple Csaba via Snort-users (Jul 22)
- Re: dmz monitorin Alberto Colosi via Snort-users (Jul 22)
- Re: dmz monitorin Darren Spruell via Snort-users (Jul 22)