[Snort-users] Very basic question

Tinsley Paul Paul.Tinsley at ...9244...
Wed May 21 11:28:06 EDT 2003


/sbin/ifconfig eth1 promisc
/usr/local/snort/bin/snort -D -o -b -i eth1 -c /usr/local/snort/etc/snort.conf \
    -u snort -g snort -I -l /usr/local/snort/log -t /usr/local/snort

That's the way I do it, hope that helps.

Flags from above:

-o Change the rule testing order to Pass|Alert|Log
-D Daemon
-b log packets in tcpdump format (much faster)
-u Run snort uid as <uname> user (or uid) after initialization
-g Run snort gid as <gname> group (or gid) after initialization
-I Add Interface name to alert output
-l Log to directory
-t Chroots process to <dir> after initialization
-i ethernet interface

-----Original Message-----
From: Ryan Koster [mailto:ryank at ...9248...]
Sent: Wednesday, May 21, 2003 12:55 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Very basic question


Sorry for a basic question but I am new to all this.  I am running Redhat 9
with two nics.  I would like to set eth0 with no ip address but still be
able to listen for IP traffic.  Can someone please tell me how this is done?

 
Thanks,
Ryan
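
Added example, not part of the original thread: a pre-flight check for the setup discussed above, confirming that the sniffing interface is up, in promiscuous mode and carries no IPv4 address before snort is started on it. The function name check_sniff_iface and the sample ifconfig output (net-tools format, documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `/sbin/ifconfig -a` output: eth0 has an IPv4 address,
# eth1 is a stealth sniffing interface, eth2 is up but not promiscuous.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:00:5E:00:53:03
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# Usage: /sbin/ifconfig -a | check_sniff_iface IFACE
# Prints exactly one of: ok, has-ip, down, not-promisc, missing.
# Only IPv4 ("inet") addresses are checked; inet6 lines are ignored.
check_sniff_iface() {
    awk -v want="$1" '
        # A line starting in column 0 opens a new interface stanza.
        # Newer ifconfig prints "eth1:", so strip a trailing colon.
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }
        cur != want { next }
        { seen = 1 }
        /inet (addr:)?[0-9]/   { ip = 1 }       # old and new address syntax
        /(^|[ <,])UP([ ,>]|$)/ { up = 1 }       # "UP ..." or "flags=<UP,...>"
        /PROMISC/              { promisc = 1 }
        END {
            if (!seen)         print "missing"
            else if (ip)       print "has-ip"
            else if (!up)      print "down"
            else if (!promisc) print "not-promisc"
            else               print "ok"
        }'
}

# Demo on the constructed sample; on a live sensor pipe in /sbin/ifconfig -a.
for i in eth0 eth1 eth2; do
    printf '%s: %s\n' "$i" "$(sample_ifconfig | check_sniff_iface "$i")"
done
```

An init script can refuse to start snort on the interface unless the result is ok.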



