[Snort-users] Snort Daemon More Help Needed

Jiju Menon security4rrm at ...11827...
Fri Feb 25 13:05:03 EST 2005


2/24

Hello,

Thanks to Mr. Maria Lopez Hernandez for responding especially for
clearly pointing the change to me. I am not well versed in scripts.

I did as was advised. When I try to start the service it fails. Is
there anything more that I should do to get the script running on all
three interfaces?

Thank you.





----------------------------------------------------------------------------------------
HISTORY
-----------------------------------------------------------------------------------------


> Message: 7
> Date: Wed, 23 Feb 2005 17:12:47 -0500
> From: Jiju Menon <security4rrm at ...11827...>
> Reply-To: Jiju Menon <security4rrm at ...11827...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort Deamon
> 
> IHello,
> 
> I am trying to use a Snort daemon from the website
> http://msbnetworks.net/snort/snortd.txt,
> 
> I am running snort on a machine with 3 interfaces and I would like to
> run snort in all interfaces.
> There is a parameter INTERFACE= , in the file. What value should I
> give if I want snort to sniff all interfaces?
> 
> By default, it takes only eth0 and does not seem to change interface
> even if I specify eth1, or eth2.
> 
> Any help is welcome.
> 
> Thank you
> 
> --__--__--
> 
> Message: 8
> Subject: Re: [Snort-users] Snort Deamon
> From: Jose Maria Lopez Hernandez <jkerouac at ...12346...>
> To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
> Organization: bgSEC
> Date: Wed, 23 Feb 2005 23:46:52 +0100
> 
> El mi=C3=A9, 23-02-2005 a las 17:12 -0500, Jiju Menon escribi=C3=B3:
> > IHello,
> >=20
> > I am trying to use a Snort daemon from the website
> > http://msbnetworks.net/snort/snortd.txt,
> >=20
> > I am running snort on a machine with 3 interfaces and I would like to
> > run snort in all interfaces.
> > There is a parameter INTERFACE=3D , in the file. What value should I
> > give if I want snort to sniff all interfaces?
> 
> Just use:
> INTERFACE=3Dany
> 
> But you have to change the script. What it's wrong it's the script
> you are using. It specifies the variable INTERFACE but it doesn't
> use it later to launch snort, so it won't work.
> 
> Change the line:
> daemon /usr/local/bin/snort -u snort -g snort -d -D \
>                 -c /etc/snort/snort.conf
> 
> to:
> 
> daemon /usr/local/bin/snort -u snort -g snort -d -i $INTERFACE -D \
>                 -c /etc/snort/snort.conf
> 
> and it will work.
> 
> > By default, it takes only eth0 and does not seem to change interface
> > even if I specify eth1, or eth2.
> >=20
> > Any help is welcome.
> >=20
> > Thank you
> 
> Regards.
> 
> --=20
> 
> Jose Maria Lopez Hernandez
> Director Tecnico de bgSEC
> jkerouac at ...12346...
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> http://www.bgsec.com




More information about the Snort-users mailing list