Re: [Snort-users] Snort on multiple interfaces

El mi=C3=A9, 03 de 11 de 2004 a las 17:38, Jeffries, Michael MJ escribi=C3=
=B3:
> Hi there,
>=20
> I have a box with 3 interfaces pointing at different networks, I am
> running fedora 9.2. How can I get snort to sniff on more than one
> interface?
>=20
> Do I just start two sessions of snort up as follows ?
>=20
> snort -c /etc/snort/snort.conf -i eth0 &
> snort -c /etc/snort/snort.conf -i eth1 &
>=20
> Or is there a better way to do this?
>=20
> Thanks a ton
> Mike

If you want to listen on all the interfaces you can use "any"
to do it. If you have, let's say, eth0, eth1, eth2, eth3, eth4
and you only want to snort on eth0, eth1 and eth2 you can change
the name of the interfaces with the "ip" command from iproute2
to something like sn0, sn1, sn2 and use the word "sn+", I think
snort can accept it.


--=20
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPA=C3=91A

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"



-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users