Snort/ACID setup q
I'm going to be installing snort and ACID on one of our servers to monitor our network. This server already has some services (email, apache) running on it, so I'd like some advice on how to set everything up.
I've been doing some reading and everyone seems to agree that the best way to set up snort is listening in promiscuous mode on its own interface via a "one-way" network cable. To this end, I've installed a second NIC in this server and bound all existing services to listen on eth0.
I assume Google will help me with creating a one-way network cable for eth1? This probably seems silly, but my biggest question is which way?? Does eth1 need to send only or receive only?
Also, I've seen some talk about snort sensors running on other boxes on the network. If I run eth1 on this box in promiscuous mode, do I need to worry about snort sensors if everything is on the same network? TIA.