This is a discussion on Re: [Snort-users] Snort start up on Multiple interface within the Snort forums, part of the System Security and Security Related category.
At 01:02 PM 4/27/2004, Brian Webster wrote:
>I have tried comma separated values eth0,eth1,eth2,eth3. no luck.
>I don't really want to get multiple instances of snort running unless that
>is the only way.

AFAIK there's no support for specifying multiple interfaces to snort.

There are only 3 ways to do something like this:

1) start multiple snorts
2) create a bonded interface which combines all 4 and start snort on that.
3) if you're on linux, you have the option of using "any" as an interface, which will pick up all the interfaces (including lo, if I'm not mistaken).

Fundamentally, a single snort opening 4 different ethernet ports is not substantially lower overhead than 4 separate copies of snort, and the code is much less complex. Certainly the overhead savings is not enough to justify adding an ugly mess in the code that calls pcap, and add some minor slowdowns for every single-interface snort user.

Besides, bonded interfaces should let you do what you want without needing any support in the snort code.
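Option 1 from the reply above (one Snort process per interface), sketched as an added example that is not part of the original post: it takes the comma-separated list the poster tried to pass to Snort and turns it into one daemonised `snort -i` invocation per interface, each with its own log directory. The function names, the config path and the log base directory are assumptions, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed paths; override via environment.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
LOG_BASE="${LOG_BASE:-/var/log/snort}"

# Print one snort command line per interface named in a comma-separated list.
# The whole list is validated before anything is printed, so a malformed
# entry (empty field, shell metacharacter) never results in a partial start.
snort_cmds() {
    [ -n "$1" ] || { echo "no interfaces given" >&2; return 1; }
    old_ifs=$IFS
    set -f                      # no globbing while splitting the list
    IFS=,
    set -- $1
    IFS=$old_ifs
    set +f
    for ifc in "$@"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: '$ifc'" >&2
                return 1 ;;
        esac
    done
    seen=" "
    for ifc in "$@"; do
        case $seen in
            *" $ifc "*) continue ;;   # skip duplicates: one sensor per NIC
        esac
        seen="$seen$ifc "
        # -D daemon mode, -i interface, -c config file, -l log directory
        printf 'snort -D -i %s -c %s -l %s/%s\n' \
            "$ifc" "$SNORT_CONF" "$LOG_BASE" "$ifc"
    done
}

# Start one daemonised Snort per interface, creating its log directory first.
start_all() {
    cmds=$(snort_cmds "$1") || return 1
    printf '%s\n' "$cmds" | while read -r _bin _d _i ifc _c conf _l logdir; do
        mkdir -p "$logdir" && snort -D -i "$ifc" -c "$conf" -l "$logdir"
    done
}
```

Calling `start_all eth0,eth1,eth2,eth3` launches the four processes; `snort_cmds` alone prints the command lines for review without starting anything.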