[Snort-users] router installation?

Jose Maria Lopez jkerouac at ...12346...
Mon Oct 4 11:27:29 EDT 2004


On Sun, 03-10-2004 at 21:26, Magnus Ternström wrote:
> Hi,
>  
> I'm thinking about giving the pig a try on my firewalls but I need to
> know if snort supports
> running on a linux router with multiple NICs. One has 5 networks in
> production environment.
>  
> Why I'm asking is that all the guides tell me to specify _one_ "home
> net" with -h switch.
>  
> Any hints and ideas are welcome.
>  
> Kind regards,
> Magnus - Snort newbie

Yes, you can. You have some options. You can use any number of
interfaces with Linux using the name "any" for the interface
in snort, and I think also that you can use the notation eth+
to use eth0, eth1, etc. With this notation and the feature of
the command "ip" to change the name of the interfaces you can
specify a group of interfaces in snort.

The HOME_NET variable can have any number of networks, there's
no problem there.

And you can also have a snort session for each interface, with
its own configuration files, all running on the same machine and
even logging to the same database.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
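
Added example, not part of the original message: a small shell sketch of two of the options in the reply above for a five-network router, a multi-network HOME_NET with a single "any" instance, and one snort process per interface. The interface names, networks, and the /etc/snort and /var/log/snort paths are constructed assumptions; the syntax is Snort 2.x (var, -D, -i, -c, -l).

```shell
#!/bin/sh
# Constructed sample: five router interfaces and the network behind each.
# Addresses are illustrative private ranges, not taken from the thread.
IFACE_NETS="eth0=192.168.1.0/24
eth1=192.168.2.0/24
eth2=192.168.3.0/24
eth3=10.10.0.0/16
eth4=172.16.5.0/24"

CONF_DIR=/etc/snort        # assumed config location
LOG_DIR=/var/log/snort     # assumed log location

# snort.conf line that lists every internal network in HOME_NET,
# instead of the single network the -h switch takes.
home_net_line() {
    nets=$(printf '%s\n' "$IFACE_NETS" | cut -d= -f2 | paste -sd, -)
    printf 'var HOME_NET [%s]\n' "$nets"
}

# One process listening on the Linux "any" pseudo-interface.
single_instance_cmd() {
    printf 'snort -D -i any -c %s/snort.conf -l %s\n' "$CONF_DIR" "$LOG_DIR"
}

# One process per interface, each with its own config file and log directory.
per_interface_cmds() {
    printf '%s\n' "$IFACE_NETS" | while IFS='=' read -r ifc _; do
        [ -n "$ifc" ] || continue
        printf 'snort -D -i %s -c %s/snort-%s.conf -l %s/%s\n' \
            "$ifc" "$CONF_DIR" "$ifc" "$LOG_DIR" "$ifc"
    done
}

# Print the generated config line and command lines for review.
home_net_line
single_instance_cmd
per_interface_cmds
```

The script only prints the config line and command lines; it does not start snort.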




