[Snort-users] Running two snort in IPS and IDS mode

Forensix Land forensixland at ...11827...
Mon Apr 24 00:55:39 EDT 2017


We would like to run multiple snort instances in one box. One instance runs in IPS mode say eth1:eth2 against some ips rules only. Other instances run in IDS mode against vrt or et rules on eth2. 

Anybody sees any issues with the setup?
We plan to use connectivity-ips drop rules. Any recommendations on what ips rule family to use?

Thanks in advance!


Sent from my iPhone

More information about the Snort-users mailing list