[Snort-users] /etc/init.d/snort file, Snort 1.9.1

Erek Adams erek at ...950...
Sun Apr 6 19:44:02 EDT 2003

On Mon, 7 Apr 2003 Elvira_Byrnes at ...8560... wrote:

> I am going through the installation of snort according to the manual created
> by Patrick Harper. This manual has the text of the snort file by Lukasz
> Szmit.
> I am wondering if anybody would be able to help me. I would like to run 3
> instances of snort on 3 interfaces - border, dmz and lan. How would I change
> this file around to reflect that? I created 3 mysql databases and I have 3
> snort.conf files. I will have 4 nics, 3 for snort and 1 for connection.

You don't need three databases.  You just need three .conf files.  On your
db output line, set your sensorname to 'dmz', 'border', or 'lan' as you
need.  Have a look at the DB output docs [0].

Then just change your HOME_NET to reflect each different network.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.8

More information about the Snort-users mailing list