Problem while capturing Data in SNORT

Unanswered Question
Oct 25th, 2006
User Badges:


We have a 3550 catalyst working as a core switch. All the VLAN traffic passes through this switch. The IP Range for default VLAN and VLANs are different.

We have configured SNORT (2.6.0) on a linux machine. The SNORT is working, It is capturing the traffic from default VLAN only. As the traffic coming from other VLANs are contacting core switch and then comes to the snort interface the SNORT logs all the traffic from VLANS on the core switch's IP.

Is there any way to log the VLANs traffic on the individual IP address basis?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion