[Snort-users] Re: listening on two interfaces (Ronneil Camara)

Joe Pampel joe at ...3851...
Wed Feb 6 18:51:05 EST 2002


Absolutely. just run 2 instances.. 

For ex, in windows, just open 2 DOS boxes.. run the same command line (or different ones, for different snort.conf perhaps?) use different command lines that specify which interface to run against, eg:
box one has..
> snort -c c:\snort\snort.conf -l c:\snort\logs -i1
box two has
> snort -c c:\snort\snort2.conf -l snort\logs -i2

etc etc. Add cards until you run out of PCI slots..
They can all log to ACID and it will know how many sensors you have and you can review the alerts by sensor etc. If this machine is on more than 1 net, be sure to use a "read only" cable on at least one interface (if not both.. see the FAQ)

hth

Joe






More information about the Snort-users mailing list