elemint@hotpop.com wrote:

> We have a box setup with multiple virtual interfaces for purposes of
> multiple vlans and I want to send all syslog traffic or send all traffif
> out of a given interface.
> 
> Can I use the export command for this?  If not export how should I
> accomplish this?

I've played with snort quite a bit and don't quite understand what you want to 
do.  If the sniffer box is hooked up to a switch that has vlans and you make its 
port part of all those vlans then there is no need for the virtual interfaces. 
As for what interface it uses to communicate with a remote system, that is set 
by the kernel routing table, not by snort.  So if you really want to force 
packets going to a certain IP (or subnet) then you just setup a static route in 
the route table to control which interface it goes out as.

I could help more, but don't know if you are trying to do true NIDS (Network 
Intrusion Detection System) or running snort on a system as a kind of Network 
HIDS (Host Intrusion Detection System).  I had snort listening to a silent 
interface that was connected to a span port on a Cisco switch and a second 
interface that had only the ability to reach one subnet on the entire network 
(and only reachable from same subnet).