[Snort-users] Barnyard2 and AFPACKET

beenph beenph at ...11827...
Mon Feb 6 14:33:46 EST 2012


On Mon, Feb 6, 2012 at 2:05 PM, PS <packetstack at ...11827...> wrote:
> Hello,
>
> I would like to know how to set the "config interface" option in the barnyard2.conf file when using Snort and AFPACKET
> if it is possible. Is it possible to configure the file so that it can differentiate which interface the alert fired off on? I am
> currently using interfaces eth0:eth1.
>
> Thanks!

As far as I know, unified2 does not contain the information about the
interface which the event has been triggered from.
I guess you could technically determine this by the source_ip
destination_ip and the related sid and gid which would give you
information on the flow of the event.

-elz
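
The address-based inference suggested in the reply above, as an added example that is not part of the original post and is not Barnyard2 code. The subnet-to-interface map, the `PAIR` table and the event dictionaries are constructed assumptions; a real deployment would fill them from its own addressing plan and from the decoded alert output.

```python
import ipaddress

# Constructed topology (assumption): networks reachable behind each side of
# the inline pair eth0:eth1. Replace with the site's real addressing plan.
SEGMENTS = {
    "eth0": ["0.0.0.0/0"],                                   # upstream side
    "eth1": ["10.0.0.0/8", "192.168.10.0/24", "fd00::/8"],   # protected side
}
PAIR = {"eth0": "eth1", "eth1": "eth0"}
_TABLE = [(ipaddress.ip_network(n), ifc)
          for ifc, nets in SEGMENTS.items() for n in nets]

def side_of(ip):
    """Longest-prefix match: the interface an address lives behind, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, ifc) for net, ifc in _TABLE
            if addr.version == net.version and addr in net]
    return max(hits)[1] if hits else None

def ingress_interface(event):
    """Infer which interface received the packet behind an event."""
    src, dst = side_of(event["src_ip"]), side_of(event["dst_ip"])
    if src and dst and src == dst:
        return None          # both ends on one side: cannot be decided
    if src:
        return src           # packet entered on the sender's side
    if dst:
        return PAIR[dst]     # sender unknown: opposite of receiver's side
    return None

def annotate(events):
    """Return copies of the events with an inferred 'interface' field."""
    return [dict(e, interface=ingress_interface(e)) for e in events]

# Constructed sample events (not real unified2 records).
SAMPLE = [
    {"gid": 1, "sid": 1000001, "src_ip": "203.0.113.7", "dst_ip": "10.1.2.3"},
    {"gid": 1, "sid": 1000002, "src_ip": "192.168.10.5", "dst_ip": "198.51.100.9"},
    {"gid": 1, "sid": 1000003, "src_ip": "10.1.1.1", "dst_ip": "10.2.2.2"},
    {"gid": 1, "sid": 1000004, "src_ip": "2001:db8::1", "dst_ip": "fd00::5"},
]

if __name__ == "__main__":
    for ev in annotate(SAMPLE):
        print(ev["gid"], ev["sid"], ev["src_ip"], "->", ev["dst_ip"], ev["interface"])
```

The result is an inference only: spoofed sources, NAT in front of the sensor, or traffic that stays on one side of the pair yield a wrong or undecidable answer, which is why the function returns `None` rather than guessing.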



