Thu Nov 23 16:36:19 EST 2017
Sniff packets on interface.
-I Print out the receiving interface name in alerts.
> I am going to let it run like this for a day or so and see
> what it does. I
> still do not think any alerts will come from the external snort.
> One thing I should mention is that being sort of a newbie, I
> am trying to
> administer most servers /etc from the Webmin GUI. Don't
> laugh, it is a good
> learning tool. I am comfortable at the command line however.
> The Webmin tool
> only allows me to set up a single interface. So I use it for
> the internal and
> fire up the external via the shell. Just out of curiosity, is
> it possible to
> initialize both interfaces with a single command? For
> example, Sandro offered
> a snort.multi script, but it was way out of my league.
Well, ok, if you are not interested in using swatch you can delete all the
swatch lines in my snort.multi script.
The only thing you have to do then is to set the variable INTERFACE to hold
all your "snortable" interfaces like in
INTERFACE="eth0 eth1 eth2"
BUT: My script is not yet set up to work with different configs for each
snort instance, although I think this will be changed in a future version.
So you're still on your own if that's what you require ;(
More information about the Snort-users