Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Newbies » How can I specify which interface to use for logging?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

How can I specify which interface to use for logging?


Posted by mmurphy on March 22, 2005 07:09:48

I would like to log snort alerts to an external MySQL database. So far, I have tested this using one interface to both sniff and send alerts to the database. However, I don't want to tie up the sniffing interface with traffic to my MySQL server. So, is there a secret interface switch that I can use in the output plugin? Or, will chaning my sniffing interface to a stealth interface force snort to use the other interface for logging? Any info would be greatly appreciated.

Posted by roesch on March 23, 2005 06:18:00

Your routing tables will determine which interface the logging will be written to. If you want to guarantee that the sniffing interface isn't used for anything else put it into stealth mode.

http://www.snort.org/docs/faq/1Q05/node30.html

-Marty


Posted by mmurphy on March 24, 2005 04:44:37

Thanks Marty
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.