[Snort-users] Can Snort monitor multiple VLANs?
PBarton at ...13242...
Tue Apr 5 09:02:29 EDT 2005
If you are having Snort log directly to MySql then the easiest way to do
it is to have multiple instances of Snort running, one for each
My question to everyone is, what if you use Barnyard to write to MySql
and have Snort just write to binary files. I still have multiple
instances of Snort running, but I can only seem to get one instance of
Barnyard running. Is there a trick to this or am I just going about
this the wrong way?
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Escudero,
Sent: Tuesday, April 05, 2005 10:54 AM
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Can Snort monitor multiple VLANs?
Our IDS box is a Dell PE750 running SuSE Linux 9.1 Pro & snort v2.1.x,
with a quad 10/100 NIC card. Three of the ports are hooked up to 3
different Cisco switches, representing 3 different VLANs. We're able to
capture alerts from one switch, but not from the others. Is snort able
to monitor different VLANs? Or do we need a separate IDS box for each
VLAN? Any info you can provide will be greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users