[Snort-users] 3 or 4 NICs in a sensor?

Mike McCabe mike at ...6998...
Fri Sep 27 05:13:06 EDT 2002

I run three incidences of snort on one box.  I use three different command
lines to run on eth1, eth2 and eth3... Ethernet 4 is my management port.  So
I have 4 nics in the box and all runs just fine.  My only problem seems to
be when I get alot of alerts in the MySQL database cleaning them up takes
the system to 100% cpu utilized.  And Acid times out.  I am beginning to
look for possibly some other boxes to run the sensors on and have 1 box just
for the MySQL and ACID interfaces.


----- Original Message -----
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan at ...2218...>
To: "Snort List (E-mail)" <snort-users at lists.sourceforge.net>
Sent: Thursday, September 26, 2002 6:18 PM
Subject: [Snort-users] 3 or 4 NICs in a sensor?

> Hello,
> I'm using Snort 1.8.7 on RHLinux7.0 on a Compaq DL360. Currently it has 2
> NICs (1 for management, one for the sniffer). My current sensor is not
> exposed to heavy traffic and I was considering adding more NICs to the box
> so I can have it monitoring other segments at the same time, rather than
> build more sensors. Is anyone out there running Snort on a box with say, 4
> NICs, where 3 of the NICs are each running their own Snort instance,
> monitoring different network segments? If traffic is light enough on each
> segment, it seems better not to waste extra hardware and build separate
> sensors.
> I wanted to get an idea if others are doing this, is it wise to do it,
> it work etc?
> Thanks!
> Paul
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list