[Snort-users] Snort on multiple interfaces

Jose Maria Lopez jkerouac at ...12346...
Sat Nov 6 10:04:58 EST 2004


El mié, 03 de 11 de 2004 a las 17:38, Jeffries, Michael MJ escribió:
> Hi there,
> 
> I have a box with 3 interfaces pointing at different networks, I am
> running fedora 9.2. How can I get snort to sniff on more than one
> interface?
> 
> Do I just start two sessions of snort up as follows ?
> 
> snort -c /etc/snort/snort.conf -i eth0 &
> snort -c /etc/snort/snort.conf -i eth1 &
> 
> Or is there a better way to do this?
> 
> Thanks a ton
> Mike

If you want to listen on all the interfaces you can use "any"
to do it. If you have, let's say, eth0, eth1, eth2, eth3, eth4
and you only want to snort on eth0, eth1 and eth2 you can change
the name of the interfaces with the "ip" command from iproute2
to something like sn0, sn1, sn2 and use the word "sn+", I think
snort can accept it.


-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"





More information about the Snort-users mailing list