[Snort-users] multiple stealth interfaces on one box
mackanspel at ...125...
Wed Jul 24 18:03:11 EDT 2002
red hat 7.3 (2.4.18 kernel) with 6 NICs, snort-1.8.7, acid
I want to monitor several segments (intermal LAN, DMZ, outside FW etc) on
I start up several instances of snort with different configs (snort -i eth1
-c snort1.conf, snort -i eth2 -c snort2.conf, etc)
What I want is a gui that can modify the rules for each interface. I've
tried webmin and activeworx. But they only recognise one sensor, probably
because I only have one mgmt interface (one ip-adress).
Can this be done? Or do I need one mgmt ipadress per sensor? What if i use
three NICs for mgmt each with an individual ip, and three for sensors, how
do i get snort to know which mgmt NIC belongs to which sensor NIC?
Another question: how can I separate alerts based on vlan tag (802.1q) in
Thanks in advance
På MSN hittar du det roliga, intressanta och användbara på internet:
More information about the Snort-users