OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: McCammon, Keith (Keith.McCammoneadvancemed.com)
Date: Tue May 14 2002 - 13:46:51 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Incidentally, I wrote up a fast and dirty how-to on running multiple instances of Snort on FreeBSD. There are lots of ways to do it, but this one suited my needs for rule segregation, etc. Maybe you'll find it of interest...

    <http://mccammon.org/security/snort_fbsd.htm>

    Cheers

    Keith

    -----Original Message-----
    From: Erek Adams [mailto:erektheadamsfamily.net]
    Sent: Tuesday, May 14, 2002 2:30 PM
    To: Jev
    Cc: snort-userslists.sourceforge.net
    Subject: Re: [Snort-users] -i any ?

    On Tue, 14 May 2002, Jev wrote:

    > I have seen mention of using '-i any' arg with snort in order to get it
    > to listen on all interfaces. I tried it on my multihomed freebsd
    > 4.5-stable box (no less than 4 interfaces) and I get the following
    > error.

    [...snip...]

    > Snort works fine when I specify one particular interface. Is the any
    > keyword related to the pcap lib?
    > Clarification greatly appreciated :)

    http://www.snort.org/docs/faq.html#3.4

    You'll need to run 4 instances. :-/

    -----
    Erek Adams
    Nifty-Type-Guy
    TheAdamsFamily.Net

    _______________________________________________________________

    Have big pipes? SourceForge.net is looking for download mirrors. We supply
    the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users

    _______________________________________________________________

    Have big pipes? SourceForge.net is looking for download mirrors. We supply
    the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users