[Snort-users] configuring snort 2.9.1 as IPS?

jorbru30 at ...5068... jorbru30 at ...5068...
Wed Jun 27 11:58:40 EDT 2012


I need help in running snort as an IPS. I am running snort version 2.9.1 using the following command. 

     snort --daq afpacket -i eth0:eth1 -Q --daq-dir=/usr/local/lib/daq -l /var/log/snort -c /usr/local/snort/etc/snort.conf 

I expected snort to process packets transmitted from eth0  to eth1 and  packets transmitted from  eth1 to eth0 but instead I see snort processing double the number of these packets . It seems to me it is processing every packet  captured from eth0 and eth1 . 

Please help me if there is any problem with my command/configuration . 

I appreciate any help! 

Thank you. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120627/1213ac53/attachment.html>

More information about the Snort-users mailing list