[Snort-users] 3 or 4 NICs in a sensor?

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Thu Sep 26 15:19:02 EDT 2002


Hello,

I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2
NICs (1 for management, one for the sniffer). My current sensor is not
exposed to heavy traffic and I was considering adding more NICs to the box
so I can have it monitoring other segments at the same time, rather than
build more sensors. Is anyone out there running Snort on a box with say, 4
NICs, where 3 of the NICs are each running their own Snort instance,
monitoring different network segments? If traffic is light enough on each
segment, it seems better not to waste extra hardware and build separate
sensors. 

I wanted to get an idea if others are doing this, is it wise to do it, will
it work etc?

Thanks!
Paul





More information about the Snort-users mailing list