[Snort-users] snort with 2 nics - collecting only UDP data
tinu.patel at ...4164...
Tue Nov 27 08:18:03 EST 2001
I am pretty new to snort...so this may be a dumb question but here
I have a snort box that has 2 sensors running on 2 different nic's.
One of the nic's is capturing data outside the firewall and is working
perfectly fine. The other nic is capturing data inside the firewall
from a monitor port on an HP switch (where we forwarded all switch
traffic to). The internal sensor is only picking up UDP data... and a
TON of it. It doubled the database size and then some in one night
just from garbage sensor reports.
Why is it not picking any TCP traffic? Am I doing something wrong here?
My snort.conf has:
log tcp any any -> x.x.x.x/x any any
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users