Re: [Snort-users] Snorting on 2 interfaces

From: AJ Butcher, Information Systems and Computing (Alex.Butcherbristol.ac.uk)
Date: Thu Apr 22 2004 - 02:53:36 CDT


--On 17 April 2004 13:26 -0600 Conan the Librarian
<conan_the_librarianadelphia.net> wrote:

> Hello all,
>
> Need a little help here configuring snort to sniff on two interfaces
> simultaneously in a low traffic environment.
>
> Tried editing /etc/init.d/snort config file with IFACE=eth0,eth1

That will try to sniff on an interface named "eth0,eth1" and will almost
certainly fail.

> then IFACE=[eth0,eth1]

Bogus.

> then two separate lines of IFACE=eth0 and IFACE=eth1

The second line will redefine the shell variable IFACE from eth0 to eth1
and snort will only sniff on eth1.

> all with no joy. Read Beale, Foster and Posluns' book cover to cover.
> Checked man pages. Searched archives. All have HINTS that it can be done
> but no one specifies the syntax of the initiation or conf file.

With the standard snortd init script, setting

        IFACE="eth1 -i eth0 -i eth3"

should work. Note the '-i's for the second and subsequent interfaces.

Alternatively, bond the interfaces together, and attach snort to the bond0
interface.

> Anyone done this before?
> MJ

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
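
The expansions discussed in this thread, as an added example that is not part of the original message. It assumes the init script runs `snort -i $IFACE` with the variable unquoted (an assumption about the script, implied by the reply), and it shows only the argument vector the shell builds, not Snort itself; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration. Assumption: the init script invokes
#     snort -i $IFACE ...
# with $IFACE unquoted, so the shell word-splits the value.

# Print the argv elements produced by "-i $IFACE", one per line.
expand_iface() {
    set -f              # disable globbing so "[eth0,eth1]" stays literal
    # Unquoted on purpose: word splitting is the behaviour under study.
    set -- -i $1
    set +f
    printf '%s\n' "$@"
}

# Join the words that directly follow each -i into one space-separated list.
interfaces_for() {
    expand_iface "$1" | awk '
        prev == "-i" { out = out sep $0; sep = " " }
        { prev = $0 }
        END { print out }'
}

# Constructed sample values: the attempts from the thread plus the suggested one.
for value in 'eth0,eth1' '[eth0,eth1]' 'eth1 -i eth0 -i eth3'; do
    printf 'IFACE=%-26s -> names after -i: %s\n' \
        "\"$value\"" "$(interfaces_for "$value")"
done

# Two assignment lines: the second replaces the first before snort is started.
IFACE=eth0
IFACE=eth1
printf 'IFACE=eth0 then IFACE=eth1     -> names after -i: %s\n' \
    "$(interfaces_for "$IFACE")"
```

Only whitespace splits the value: the comma and bracket forms each reach the command as a single interface name, while the embedded `-i` words become separate arguments.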
