[Snort-users] [Snorting 2 NICs]

Martin Forest martin at ...6084...
Thu Jun 13 17:44:23 EDT 2002


You probably want to use -i, -I is for "cosmetics".

fron snort -h
        -i <if>    Listen on interface <if>
        -I         Add Interface name to alert output
/Martin Forest

Gregory D Hough wrote:

>On June 11, 2002 12:11 am, K.S.NARAYANAN wrote:
>
>>I do in this way without any problem :-
>>
>>* I have all my rules @ /etc/snort/rules .
>>
>I haven't tweaked any rules thus far, since I get no alerts from the external 
>interface yet.
>
>>* I have 2 snort.conf files
>>o /etc/snortint.conf  ( with more local rules )
>>o /etc/snortext.conf  ( with standard snort rules )
>>
>OK, I did this...
>
>>* A single snort binary & I call 2 instances of snort like this
>>o Snort -c /etc/snortint.conf -I eth0
>>o Snort -c /etc/snortext.conf -I eth1
>>
>...here is where the trouble begins. The -I switch will not work at all for 
>either command:
>]# snort -c /usr/local/etc/snort/snortext.conf -I eth1
>Log directory = /var/log/snort
>
><snip>
>






More information about the Snort-users mailing list