Sniff on a difference interface than eth0 for Snort and p0f

Sniff on a difference interface than eth0 for Snort and p0f

For p0f

Add this:

sed -i 's/INTERFACE=eth0/INTERFACE=venet0/' /opt/p0f/p0f_wrapper.sh

Right before this line:

supervisorctl update

For Snort

Change this line in the deploy script:

INTERFACE=eth0

to this:

INTERFACE=venet0

Or edit these files:

• /etc/supervisor/conf.d/snort.conf - change eth0 as needed
• /opt/snort/etc/snort.conf - change ipvar HOME_NET X.X.X.X as needed (note: X.X.X.X will be an IP address with numbers instead of X's)