[Snort-users] Re: listening on two interfaces (Ronneil Camara)
joe at ...3851...
Wed Feb 6 18:51:05 EST 2002
Absolutely. just run 2 instances..
For ex, in windows, just open 2 DOS boxes.. run the same command line (or different ones, for different snort.conf perhaps?) use different command lines that specify which interface to run against, eg:
box one has..
> snort -c c:\snort\snort.conf -l c:\snort\logs -i1
box two has
> snort -c c:\snort\snort2.conf -l snort\logs -i2
etc etc. Add cards until you run out of PCI slots..
They can all log to ACID and it will know how many sensors you have and you can review the alerts by sensor etc. If this machine is on more than 1 net, be sure to use a "read only" cable on at least one interface (if not both.. see the FAQ)
More information about the Snort-users