[Snort-users] Snort Deamon

Jose Maria Lopez Hernandez jkerouac at ...12346...
Wed Feb 23 14:46:49 EST 2005


El mié, 23-02-2005 a las 17:12 -0500, Jiju Menon escribió:
> IHello,
> 
> I am trying to use a Snort daemon from the website
> http://msbnetworks.net/snort/snortd.txt,
> 
> I am running snort on a machine with 3 interfaces and I would like to
> run snort in all interfaces.
> There is a parameter INTERFACE= , in the file. What value should I
> give if I want snort to sniff all interfaces?

Just use:
INTERFACE=any

But you have to change the script. What it's wrong it's the script
you are using. It specifies the variable INTERFACE but it doesn't
use it later to launch snort, so it won't work.

Change the line:
daemon /usr/local/bin/snort -u snort -g snort -d -D \
                -c /etc/snort/snort.conf

to:

daemon /usr/local/bin/snort -u snort -g snort -d -i $INTERFACE -D \
                -c /etc/snort/snort.conf

and it will work.

> By default, it takes only eth0 and does not seem to change interface
> even if I specify eth1, or eth2.
> 
> Any help is welcome.
> 
> Thank you

Regards.

-- 

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"






More information about the Snort-users mailing list