[Snort-users] SNORT on a firewall?

Chris Green cmg at ...671...
Mon Mar 19 12:19:40 EST 2001

Robert.Searle at ...1614... writes:

> Hi,
> 	I have snort running on my firewall.  The log directory contains
> various pieces of information (I am still not sure what they all mean).  Is
> the information about things that went through ipchains (my Linux\RedHat 7.0
> firewall) or is this a list of everything that hit my firewall?

Are you running snort on the external interface or the interface used
to talk to the firewalled hosts?  If snort is in promiscuous mode (
default ), it should log everything sent ot the fire wall if running
on external interface ( I *think* ipchains get applied after pcap has
its way ) and it should see what goes through on the internal

Chris Green <cmg at ...671...>
Laugh and the world laughs with you, snore and you sleep alone.

More information about the Snort-users mailing list