Re: running snort on multiple interfaces (OpenBSD)

[Joe <js.lists () gmail com>]

Soner Tari wrote:
> Hi,
>
> I need to run snort on multiple interfaces. Currently, I'm running
> multiple snort instances to achieve this, but this stretches the shared
> memory.
>
> I've read FAQ 3.6, where it reads I should use a bridge interface on
> *BSD systems. I've tried that advice by creating bridge0, adding
> physical interfaces to it, upping it (per the brconfig(8) examples), and
> finally starting snort with "-i bridge0" argument. Snort starts (though,
> complaining that bridge0 is not assigned any IPs), but I cannot see any
> alerts.
NOTE: I'm going on the assumption that you don't have IPs on these 
interfaces.

Make sure you've actually brought the ALL the interfaces up.

$ sudo ifconfig bridge0 create
$ sudo ifconfig vr0 up
$ sudo ifconfig vr1 up
$ sudo brconfig bridge0 add vr0 add vr1 up


You can have this set at bootup by doing this:

$ sudo echo "up" > /etc/hostname.vr0
$ sudo echo "up" > /etc/hostname.vr1

$ sudo vi /etc/bridgename.bridge0
add vr0
add vr1
up

(According to the man page for bridgename.if, each argument must be on a 
separate line)


For more information, type:

$ man ifconifg
$ man brconfig
$ man hostname.if
$ man bridgename.if


Hope this helps.


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users