[Snort-users] [Snorting 2 NICs]
martin at ...6084...
Thu Jun 13 17:44:23 EDT 2002
You probably want to use -i, -I is for "cosmetics".
fron snort -h
-i <if> Listen on interface <if>
-I Add Interface name to alert output
Gregory D Hough wrote:
>On June 11, 2002 12:11 am, K.S.NARAYANAN wrote:
>>I do in this way without any problem :-
>>* I have all my rules @ /etc/snort/rules .
>I haven't tweaked any rules thus far, since I get no alerts from the external
>>* I have 2 snort.conf files
>>o /etc/snortint.conf ( with more local rules )
>>o /etc/snortext.conf ( with standard snort rules )
>OK, I did this...
>>* A single snort binary & I call 2 instances of snort like this
>>o Snort -c /etc/snortint.conf -I eth0
>>o Snort -c /etc/snortext.conf -I eth1
>...here is where the trouble begins. The -I switch will not work at all for
>]# snort -c /usr/local/etc/snort/snortext.conf -I eth1
>Log directory = /var/log/snort
More information about the Snort-users