Posted on 2009-05-11
I am using snort 126.96.36.199 in Fedora 6 with two LAN card. I have some doubt about snort i have mentioned some question below.
My snort configuration
eth0= IP not set but it will up at boot time
In snort startup script i have mention the interface as eth0.
Snort running as service.
This is my question
1) If i need to monitor all my servers in my network, i need to configure snort in all the the server individually?
2) If any intrusion occur in my network or in any client pc in my network snort will alert?
3) snort alerting when i use nmap to scan port on snort pc but snort not alerting when i use nmap to scan port for other client pc or servers in my network.