[Snort-users] SNORT on a firewall?
cmg at ...671...
Mon Mar 19 12:19:40 EST 2001
Robert.Searle at ...1614... writes:
> I have snort running on my firewall. The log directory contains
> various pieces of information (I am still not sure what they all mean). Is
> the information about things that went through ipchains (my Linux\RedHat 7.0
> firewall) or is this a list of everything that hit my firewall?
Are you running snort on the external interface or the interface used
to talk to the firewalled hosts? If snort is in promiscuous mode (
default ), it should log everything sent ot the fire wall if running
on external interface ( I *think* ipchains get applied after pcap has
its way ) and it should see what goes through on the internal
Chris Green <cmg at ...671...>
Laugh and the world laughs with you, snore and you sleep alone.
More information about the Snort-users