[Snort-users] /etc/init.d/snort file, Snort 1.9.1

Erek Adams erek at ...950...
Sun Apr 6 19:44:02 EDT 2003


On Mon, 7 Apr 2003 Elvira_Byrnes at ...8560... wrote:

> I am going through the installation of snort according to the manual created
> by Patrick Harper. This manual has the text of the snort file by Lukasz
> Szmit.
>
> I am wondering if anybody would be able to help me. I would like to run 3
> instances of snort on 3 interfaces - border, dmz and lan. How would I change
> this file around to reflect that? I created 3 mysql databases and I have 3
> snort.conf files. I will have 4 nics, 3 for snort and 1 for connection.

You don't need three databases.  You just need three .conf files.  On your
db output line, set your sensorname to 'dmz', 'border', or 'lan' as you
need.  Have a look at the DB output docs [0].

Then just change your HOME_NET to reflect each different network.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.8





More information about the Snort-users mailing list