[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Snort monitoring of Xen guests

To: "Mark Chandler" <mcl@xxxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Tue, 29 Apr 2008 22:45:27 +1000
Delivery-date: Tue, 29 Apr 2008 05:46:02 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>
Thread-index: AcioJuutdhM4SyLRR4WsXjaqOr31YgBz4ZRA
Thread-topic: [Xen-users] Snort monitoring of Xen guests

>  From another post on this list, it seems that the only way to monitor
> all traffic to guests in a host is to bind to the peth interface that
is
> bound to the bridge that serves the guests.

That will only catch traffic that goes via peth. Anything from DomU to
DomU will be missed. That is probably acceptable though if you are only
interested in traffic from external to DomU.

I don't think there is an option in the Linux bridge code to have a
'mirror' port that sees everything, unless maybe you can run snort on
the xenbrX interface itself?

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] Snort monitoring of Xen guests
  - From: Mark Chandler

Prev by Date: [Xen-users] Time freeze in domU after reboot
Next by Date: Re: [Xen-users] xen dom0 32 bits memory is limited to 16GB?
Previous by thread: Re: [Xen-users] Snort monitoring of Xen guests
Next by thread: RE: [Xen-users] Snort monitoring of Xen guests
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.