AW: [Snort-users] 3 or 4 NICs in a sensor?
Sandro.Poppi at ...3316...
Thu Sep 26 23:04:02 EDT 2002
I'm running a 6 NIC RH 7.2 box with 5 snort instances listening on 5 NICs
(3x 100Mb/s, 2x 10Mb/s, not highly saturated). Works like a charm (ok,
traffic has been rising over the month and snort reports some packet drops
on 2 interfaces with values about 0.0xx%). Tuning should help to get back to
You might take a look on my HOWTO at
http://www.lug-burghausen.org/projects/index.html#snort-stat where I
described such a configuration.
> I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360.
> Currently it has 2
> NICs (1 for management, one for the sniffer). My current sensor is not
> exposed to heavy traffic and I was considering adding more
> NICs to the box
> so I can have it monitoring other segments at the same time,
> rather than
> build more sensors. Is anyone out there running Snort on a
> box with say, 4
> NICs, where 3 of the NICs are each running their own Snort instance,
> monitoring different network segments? If traffic is light
> enough on each
> segment, it seems better not to waste extra hardware and
> build separate
> I wanted to get an idea if others are doing this, is it wise
> to do it, will
> it work etc?
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users