[Snort-users] Multi interface problem
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Mon Feb 28 03:53:20 EST 2005
--On 26 February 2005 10:26 +0100 Jose Maria Lopez Hernandez
<jkerouac at ...12346...> wrote:
> El sáb, 26-02-2005 a las 14:49 +0800, abanger wu escribió:
>> snort -i eth0 eth1 eth2 -c /etc/snort/snort.conf
> You can't use this syntax, you can't use more than one
> interface for the switch -i. If you are running Linux
> you can use the interface "any" to ask snort to listen
> on all interfaces.
Or, alternatively, bond them together, then use '-i bond0'. Jose's
suggestion is best if you want to use different configurations for each
instance of snort (and even better if you have multiple CPUs in your sensor
host), using bonding is better if you're happy with a single configuration
and you want better tracking of the state of connections. Swings n'
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
More information about the Snort-users