Snort mailing list archives

Can Snort monitor multiple VLANs on a VM?


From: Jun Wan <junwei_wan () hotmail com>
Date: Thu, 8 Apr 2010 06:13:02 +0000


Hi, 
 
I am new to Snort. I followed the instructions at this URL: https://wwwx.cs.unc.edu/~hays/archives/work/index.php
 
All went well; Snort is running fine and I am getting many Snort alerts in BASE and in the terminal.
 
Snort 2.8.4.1 and Barnyard2 on Ubuntu 9.10 are running on my Acer box with a dual-core Intel CPU @ 1.86 GHz and an 80 GB HD.
 
There is only one 10/100 NIC on my Acer box, so monitoring and management are on the same interface. Snort is monitoring only one VLAN (VLAN 1) at the moment.
 
Now I would like to use Snort to monitor multiple VLANs, e.g. VLAN 1, VLAN 20, etc., so I converted my Acer Ubuntu Snort box into a VM in our ESX 4.0 environment. I created two additional NICs on the VM, so now there are three NICs: NIC1 is for management on VLAN 1, NIC2 is for monitoring on VLAN 1, and NIC3 is for monitoring on VLAN 20.
 
After lots of “Googling”, I have found that the following post from Barry (in 2005) is really relevant to my case:

http://seclists.org/snort/2005/q2/60

 
I have got the idea, but it’s still hard for me to follow the actual “HOW TO” steps. I don’t expect anyone to “baby-sit” me on Snort, and Barry did a very good “case study”, but I would like to have some extra info regarding the files, locations, what, how, etc. (just like the first URL link above from Bil) for a Snort dummy like me.
 
I would like to have the following:
1.) How to set up the management interface separately from the monitoring interface?
2.) How to set up two instances of Snort and Barnyard to monitor two VLANs on one VM?
 
* Network ports (for ESX 4.0 machines) on the switch are configured as follows:

hybrid link type
with VLAN 1, VLAN 20 tagged, and
the hybrid PVID is VLAN 20.
 
Any information and help would be much appreciated.
 
Many thanks in advance.
 
Regards
 
John
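The layout the post asks for (a management NIC that Snort never sniffs, plus one Snort/Barnyard2 pair per monitoring NIC) can be expressed as a short script. The block below is an added example written for this archive page; it is not code from the original post, from Barry's 2005 case study, or from the Snort or Barnyard2 projects. The interface names eth0/eth1/eth2, the paths under /etc/snort, /var/log/snort and /var/run/snort, the `snort` user and group, and the instance names "vlan1" and "vlan20" are all assumptions to rename for your own box. With `APPLY` unset it only prints the commands it would run, so it can be reviewed before anything is executed.

```shell
#!/bin/sh
# Added example, not taken from the original post, the Snort project or Barnyard2.
# One VM, three NICs, two Snort/Barnyard2 pairs. Interface names, paths, the
# "snort" user/group and the instance names "vlan1"/"vlan20" are assumptions.
#
#   eth0  management: keeps its IP; sshd and BASE use it, Snort never sniffs it
#   eth1  sniffs the VLAN 1 port group   -> instance "vlan1"
#   eth2  sniffs the VLAN 20 port group  -> instance "vlan20"
#
# APPLY unset: print the commands for review. APPLY=1: run them (root, Snort
# and Barnyard2 installed).

CONF_DIR=/etc/snort
LOG_BASE=/var/log/snort
PID_BASE=/var/run/snort

# Sniffing interfaces carry no IP address and do not answer ARP, so the
# sensor stays invisible on the monitored VLANs. One command per line.
sniff_iface_cmds() {
    printf 'ip addr flush dev %s\n' "$1"
    printf 'ip link set dev %s arp off\n' "$1"
    printf 'ip link set dev %s up promisc on\n' "$1"
}

# One Snort daemon per sniffing interface, each with its own config file,
# log directory and PID path so the two instances never collide.
snort_cmd() {
    iface=$1; name=$2
    printf 'snort -D -u snort -g snort -i %s -c %s/snort.%s.conf -l %s/%s --pid-path %s/%s' \
        "$iface" "$CONF_DIR" "$name" "$LOG_BASE" "$name" "$PID_BASE" "$name"
}

# One Barnyard2 per instance: -d is that instance's spool directory, -f the
# unified2 base filename Snort writes there, -w a waldo bookmark of its own.
barnyard2_cmd() {
    name=$1
    printf 'barnyard2 -D -c %s/barnyard2.%s.conf -d %s/%s -f snort.u2 -w %s/%s/barnyard2.waldo' \
        "$CONF_DIR" "$name" "$LOG_BASE" "$name" "$LOG_BASE" "$name"
}

# The output line each snort.<name>.conf must contain so Barnyard2 finds the spool.
unified2_output_line() {
    printf 'output unified2: filename snort.u2, limit 128'
}

# Print a command, or execute it when APPLY=1.
run_or_show() {
    if [ "${APPLY:-0}" = 1 ]; then sh -c "$1"; else echo "$1"; fi
}

# Everything one instance needs: directories, a quiet sniffing NIC, Snort, Barnyard2.
setup_instance() {
    iface=$1; name=$2
    echo "# --- instance $name on $iface ---"
    run_or_show "mkdir -p $LOG_BASE/$name $PID_BASE/$name"
    run_or_show "chown -R snort:snort $LOG_BASE/$name $PID_BASE/$name"
    sniff_iface_cmds "$iface" | while read -r cmd; do run_or_show "$cmd"; done
    run_or_show "$(snort_cmd "$iface" "$name")"
    run_or_show "$(barnyard2_cmd "$name")"
}

echo "# eth0 stays the management interface; nothing below touches it"
echo "# each snort.<name>.conf needs the line: $(unified2_output_line)"
setup_instance eth1 vlan1
setup_instance eth2 vlan20
```

Two points worth checking when adapting this. First, on ESX the vSwitch port group that a sniffing vNIC sits on must have its security policy set to accept promiscuous mode, otherwise the guest only sees its own frames regardless of what `ip link` says inside the VM. Second, give each `barnyard2.<name>.conf` its own `config hostname:` and `config interface:` lines so the alerts from the two instances show up as two distinct sensors in BASE instead of being merged.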
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net