[Snort-users] multiple stealth interfaces on one box

mackan mackna mackanspel at ...125...
Wed Jul 24 18:03:11 EDT 2002


Hi all,

****my setup****

red hat 7.3 (2.4.18 kernel) with 6 NICs, snort-1.8.7, acid

****problem****

I want to monitor several segments (intermal LAN, DMZ, outside FW etc) on 
the computer.

I start up several instances of snort with different configs (snort -i eth1 
-c snort1.conf, snort -i eth2 -c snort2.conf, etc)

What I want is a gui that can modify the rules for each interface. I've 
tried webmin and activeworx. But they only recognise one sensor, probably 
because I only have one mgmt interface (one ip-adress).

Can this be done? Or do I need one mgmt ipadress per sensor? What if i use 
three NICs for mgmt each with an individual ip, and three for sensors, how 
do i get snort to know which mgmt NIC belongs to which sensor NIC?

Another question: how can I separate alerts based on vlan tag (802.1q) in 
ACID?

Thanks in advance

//Marcus





_________________________________________________________________
På MSN hittar du det roliga, intressanta och användbara på internet: 
http://www.msn.se





More information about the Snort-users mailing list