Jim B wrote:
> I have changed the config in /etc/init.d/snortd to eth1 but when I run a
> "ps aux | grep snort" I still see that eth0 is being used, and if I grep eth in
> /etc/snort/snort.conf there is no reference to use eth0.
>
> I want to configure snort to pull traffic from both eth0 and eth1 but
> mostly eth1.
>
> Jim
>
I don't know snort per se, but I just checked my IPCop box which is
running snort. In /etc/snort/vars there is a variable HOME_NET which is
set to the ethernet addresses of the cards which snort is running on:

    var HOME_NET [192.168.x.x,192.168.x.x,xxx.xxx.xxx.xxx]

I'm guessing that is what tells snort which network devices (addresses
actually) to run on.
HTH
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss