54


Chapter 2     Installing Snort and Getting Started


2.3 Running Snort on Multiple Network Interfaces


When you start Snort, it listens to traffic on one interface. Using the command line


option  i  , you can specify the interface on which you want to


run it. If you want to listen to multiple network interfaces, you have to run multiple cop 


ies of Snort in parallel. As an example, the following two commands start listening to


network interfaces eth0 and eth1 on a Linux machine.


/opt/snort/bin/snort  c /opt/snort/etc/snort.conf  i eth0  l /


var/log/snort0


/opt/snort/bin/snort  c /opt/snort/etc/snort.conf  i eth1  l /


var/log/snort1


Note that you have created two log directories, /var/log/snort0 and /var/


log/snort1, so that both of the Snort sessions keep their log files separate. These


directories must exist before you start Snort.


If both sessions log to a MySQL database, which is configured through


snort.conf file, the same database can be used.


Note that you can also have different configuration files for these two sessions.


There may be many reasons for having separate configuration files. The main reason is


that HOME_NETWORK is different for the two sessions. Another reason may be that


you want to log alert data in log files for one interface and in a database for the second


interface. This is shown in Figure 2 2.


Figure 2 2 Running Snort on multiple network interfaces and logging to different places.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved