[Snort-users] Multi interface problem

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Mon Feb 28 03:53:20 EST 2005


--On 26 February 2005 10:26 +0100 Jose Maria Lopez Hernandez 
<jkerouac at ...12346...> wrote:

> El sáb, 26-02-2005 a las 14:49 +0800, abanger wu escribió:
>> snort  -i eth0 eth1 eth2 -c /etc/snort/snort.conf
>
> You can't use this syntax, you can't use more than one
> interface for the switch -i. If you are running Linux
> you can use the interface "any" to ask snort to listen
> on all interfaces.

Or, alternatively, bond them together, then use '-i bond0'. Jose's 
suggestion is best if you want to use different configurations for each 
instance of snort (and even better if you have multiple CPUs in your sensor 
host), using bonding is better if you're happy with a single configuration 
and you want better tracking of the state of connections. Swings n' 
roundabouts.

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list