[Snort-devel] VLAN tagging

Chris Green cmg at ...402...
Thu Mar 27 05:47:14 EST 2003

Keith R Kilby <krkilby at ...1875...> writes:

> Chris
> Sorry for the late reply, working funny hours at the moment.
> Yes will do when I get the network back for testing.
> The other point is that eth1:1 is a physical interface whereas eth1.1
> should be the VLAN.

Snort only works on real interfaces.

> What I want to do is run several instances of SNORT for different
> VLANs. Different alert and logging files.

We do not support this currently in snort.  After digging in the
snort-users archive, it seems you can do this yourself by adding

snort <args here> -i eth1 vlan 1

for the bpf filter if you have pcap >= 0.6.2

Chris Green <cmg at ...402...>
Chicken's thinkin'
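
The approach described above (one Snort process per VLAN, each with the "vlan N" BPF filter), sketched as an added example that is not part of the original message or of Snort itself. The interface name, config path, log root and the function names are assumptions; -D, -i, -c and -l are standard Snort options, and -l is what gives each instance its own alert and log files.

```shell
#!/bin/sh
# Added example: per-VLAN Snort instances with separate log directories.
# Placeholder defaults (assumptions, not from the post); override via env.
IFACE="${IFACE:-eth1}"
CONF="${CONF:-/etc/snort/snort.conf}"
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"

# 802.1Q VLAN IDs are 12 bits wide; 0 and 4095 are reserved.
valid_vlan() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Print the command line for one VLAN. The trailing "vlan N" is the BPF
# filter from the post; -l points the instance at its own log directory.
snort_cmd() {
    valid_vlan "$1" || { echo "invalid VLAN id: $1" >&2; return 1; }
    echo "snort -D -i $IFACE -c $CONF -l $LOG_ROOT/vlan$1 vlan $1"
}

# Start one instance per VLAN id given. DRY_RUN defaults to 1, which only
# prints the commands; set DRY_RUN=0 to create the directories and launch.
start_all() {
    for v in "$@"; do
        cmd=$(snort_cmd "$v") || continue   # skip invalid ids
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            mkdir -p "$LOG_ROOT/vlan$v" && $cmd
        fi
    done
}
```

Run `start_all 1 2 3` to preview the commands. A "vlan N" filter only matches 802.1Q-tagged frames, so untagged traffic on the interface is seen by none of these instances.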
