Hi Alex,

> My production LAN has two networks [lan and wifi] and no manageable switches.
>
> Is it possible to run inline with 2 monitor interfaces? I have tried this
> but snort only picks up violations in one network [eth1.2], not the
> other [eth1.5].

It is not possible by default. We only allow one monitor interface. It is weird the service even starts.

If you want to use SNORT on two interfaces, I would suggest that you manage SNORT manually, not in PF (so no monitor interface). That way it will act as a "remote" sensor, but locally on the PF server.

-- 
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
