configure snort for eth1
Eric "Shubes"
plug at shubes.net
Tue Feb 28 11:34:11 MST 2006
Jim B wrote:
> I have changed the config in /etc/init.d/snortd to eth1 but when I run a
> "ps aux grep snort" I still that eth0 is being used and if I grep eth in
> /etc/snort/snort.conf there is no reference to use eth0
>
> I want to configure snort to pull traffic from both eth0 and eth1 but
> mostly eth1.
>
>
>
> Jim
>
>
I don't know snort per se, but I just checked my IPCop box which is
running snort. In /etc/snort/vars there is a variable HOME_NET which is
set to the ethernet addresses of the cards which snort is running on:
var HOME_NET [192.168.x.x,192.168.x.x,xxx.xxx.xxx.xxx]
I'm guessing that is what tells snort which network devices (addresses
actually) to run on.
HTH
--
-Eric 'shubes'
****************************************************
This message has been scanned using Contraxx
Technology Group mail server v8.0.3 and is virus free.
Message sent from Mail Server 3
****************************************************
More information about the PLUG-discuss
mailing list