[Snort-users] Barnyard2 and AFPACKET
PS
packetstack at ...11827...
Mon Feb 6 14:50:41 EST 2012
It's not really a necessity for me, but I wanted to know if it was possible. Doing some searches online didn't lead to much. Thanks!
On Feb 6, 2012, at 2:33 PM, beenph wrote:
> On Mon, Feb 6, 2012 at 2:05 PM, PS <packetstack at ...11827...> wrote:
>> Hello,
>>
>> I would like to know how to set the "config interface" option in the barnyard2.conf file when using Snort and AFPACKET
>> if it is possible. Is it possible to configure the file so that it can differentiate which interface the alert fired off on? I am
>> currently using interfaces eth0:eth1.
>>
>> Thanks!
>
> As far as I know, unified2 does not contain the information about the
> interface which the event has been triggered from.
> I guess you could technically determine this by the source_ip
> destination_ip and the related sid and gid which would give you
> information on the flow of the event.
>
> -elz
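
The approach suggested in the reply above, as an added example that is not part of the original thread: it parses the legacy IPv4 unified2 event record (type 7), whose fields include no interface, and guesses the ingress side from the source address. The `SEGMENTS` mapping, the addresses, and the sample record are constructed assumptions.

```python
import ipaddress
import struct

HEADER = struct.Struct(">II")      # record type, body length (network byte order)
EVENT = struct.Struct(">11I2H4B")  # legacy IPv4 event body, record type 7, 52 bytes
FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
          "signature_id", "generator_id", "signature_revision",
          "classification_id", "priority_id", "ip_source", "ip_destination",
          "sport", "dport", "protocol", "impact_flag", "impact", "blocked")
UNIFIED2_IDS_EVENT = 7

# Assumption: the networks that sit behind each side of the eth0:eth1 pair.
SEGMENTS = {"eth0": [ipaddress.ip_network("192.0.2.0/24")],
            "eth1": [ipaddress.ip_network("198.51.100.0/24")]}

def parse_events(buf):
    """Yield a dict per type-7 event record; other record types are skipped."""
    off = 0
    while off + HEADER.size <= len(buf):
        rtype, rlen = HEADER.unpack_from(buf, off)
        body = buf[off + HEADER.size: off + HEADER.size + rlen]
        off += HEADER.size + rlen
        if len(body) < rlen:
            break  # truncated final record
        if rtype == UNIFIED2_IDS_EVENT and rlen >= EVENT.size:
            yield dict(zip(FIELDS, EVENT.unpack_from(body)))

def ingress_interface(event):
    """Heuristic: the interface whose segment contains the source address."""
    src = ipaddress.ip_address(event["ip_source"])
    for ifname, nets in SEGMENTS.items():
        if any(src in net for net in nets):
            return ifname
    return None  # source is on neither known segment, direction unknown

def sample_log():
    """Constructed input: one non-event record followed by one event record."""
    src = int(ipaddress.ip_address("198.51.100.7"))
    dst = int(ipaddress.ip_address("192.0.2.10"))
    event = EVENT.pack(1, 1, 1328557841, 0, 1000001, 1, 1, 0, 3,
                       src, dst, 40000, 80, 6, 0, 0, 0)
    other = b"\x00" * 16
    return (HEADER.pack(2, len(other)) + other +
            HEADER.pack(UNIFIED2_IDS_EVENT, len(event)) + event)

if __name__ == "__main__":
    for ev in parse_events(sample_log()):
        print(ev["generator_id"], ev["signature_id"], ingress_interface(ev))
```

The result is only as good as the segment map: traffic whose source lies on neither listed network gets `None` rather than a guess.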