[Snort-users] snort.conf and startup variables

Erek Adams erek at ...950...
Wed Feb 11 07:18:17 EST 2004


On Tue, 10 Feb 2004, Derek (X-Networks) wrote:

> If you'll permit me, I have two questions:
>
> 1) I've prepared a RedHat 9 system to run Snort 2.1 in IDS mode and when I
> type:
>
> snort -dev -c snort.conf
>
> ...the output on the screen shows (among other thing) the following:
>
> Decoding Ethernet on interface eth0
>
> ..but I do not see any information being written to the screen.
>
> When I type:
>
> snort -dev -c snort.conf -i eth1
>
> ...I see plenty of packet details being written to the screen. I am not
> entirely familiar with the file structure of Linux but I am sure there is a
> missing configuration somewhere in a startup script, that is either
> referencing eth0, or not referencing either eth0 or eth1. Where is this
> corrected?

Snort defaults to the 'first' NIC on the box.  In your case, that's eth0.


More information about the Snort-users mailing list