[Snort-users] question about using SNORT to look at multiple NICs on one system
Jacobi, Michael W CIV NSWCCD Philadelphia, 10432
michael.jacobi1 at ...7622...
Tue Aug 11 11:45:51 EDT 2015
After a reorganization of our snort sensors, we have one system that is looking at traffic on multiple NICs and I seem to be seeing detects on only one of them and I am trying to find why. Before the change, the sensors at these locations were generating alerts. Currently, there are SNORT instances on this system for each of the NICs in question and a quick TCPDUMP shows that all of the interfaces are seeing traffic. Besides having a SNORT instance on this system for each NIC we want to monitor, Is there anything else that I need to do to make this work (we are currently using BARNYARD2 to get the alerts to a central database)?
NSWC Philadelphia PA
More information about the Snort-users