[Snort-users] Can Snort monitor multiple VLANs?

Peter Barton PBarton at ...13242...
Tue Apr 5 09:02:29 EDT 2005


If you are having Snort log directly to MySql then the easiest way to do
it is to have multiple instances of Snort running, one for each
interface.

 

My question to everyone is, what if you use Barnyard to write to MySql
and have Snort just write to binary files.  I still have multiple
instances of Snort running, but I can only seem to get one instance of
Barnyard running.  Is there a trick to this or am I just going about
this the wrong way?

 

Thanks,

 

Peter Barton

 

 

________________________________

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Escudero,
Peter Louis
Sent: Tuesday, April 05, 2005 10:54 AM
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Can Snort monitor multiple VLANs?

 

Our IDS box is a Dell PE750 running SuSE Linux 9.1 Pro & snort v2.1.x,
with a quad 10/100 NIC card. Three of the ports are hooked up to 3
different Cisco switches, representing 3 different VLANs. We're able to
capture alerts from one switch, but not from the others. Is snort able
to monitor different VLANs? Or do we need a separate IDS box for each
VLAN? Any info you can provide will be greatly appreciated.

 

Peter Escudero 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050405/239f01ff/attachment.html>


More information about the Snort-users mailing list