I'm trying to set up a snort IDS from my machine (opensuse 13.1) to monitor the entire network. When I run snort I am sniffing all the packets and monitoring all computers on the network, but I am only getting alerts for my machine. I want the alert file to alert me about ALL IPs. I also tried including specific IP addresses in HOME_NET and it would still only alert me about my opensuse machine.
My snort.conf:
HOME_NET 192.168.1.0/24
EXTERNAL_NET !$HOME_NET
output alert_fast: /var/log/snort/fast_alert.txt
I am using pulledpork for my one snort.rules file.
I run snort as so: snort -d -c /etc/snort/snort.conf -vv
Also, it might be important information that I do not have eth0 as a network device option.
How can I make snort alert me for all machines/IPs on the network?
Solution was port mirroring. I was only able to get traffic from my own switch. By using a network switch and port mirroring other IPs to my switch, I am now able to alert on those IPs' traffic!
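
Added example (not part of the original post, and not Snort's own code): a small check that reads alert_fast output and reports which HOME_NET hosts appear in alerts, which makes the "only my machine" symptom visible before and after enabling port mirroring. The sensor address 192.168.1.10 and the sample alert lines are constructed assumptions; HOME_NET is the value from the post.

```python
import ipaddress
import re
from collections import Counter

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # value from the post's snort.conf
SENSOR_IP = ipaddress.ip_address("192.168.1.10")   # assumed address of the Snort machine

# alert_fast line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\].*?\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

# Constructed sample lines in alert_fast format (not real alerts).
SAMPLE = """\
03/14-10:15:01.123456  [**] [1:1000001:1] Constructed test rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.5:443 -> 192.168.1.10:51000
03/14-10:15:02.223456  [**] [1:1000002:1] Constructed test rule B [**] [Priority: 2] {ICMP} 192.168.1.10 -> 198.51.100.7
03/14-10:15:03.323456  [**] [1:1000001:1] Constructed test rule A [**] [Priority: 3] {UDP} 192.168.1.23:5353 -> 192.168.1.42:5353
"""

def home_hosts(lines):
    """Count alerts per HOME_NET address seen as source or destination."""
    seen = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip blank or non-IPv4 lines
        for field in ("src", "dst"):
            try:
                ip = ipaddress.ip_address(m.group(field))
            except ValueError:
                continue  # malformed address such as 999.1.1.1
            if ip in HOME_NET:
                seen[ip] += 1
    return seen

def sensor_only(seen, sensor=SENSOR_IP):
    """True when every HOME_NET host in the alerts is the sensor itself."""
    return bool(seen) and set(seen) == {sensor}

if __name__ == "__main__":
    seen = home_hosts(SAMPLE.splitlines())
    for ip, n in sorted(seen.items()):
        print(f"{ip}\t{n} alert(s)")
    if sensor_only(seen):
        print("Only the sensor appears: the capture port is probably not receiving mirrored traffic.")
```

To run it against the real log, pass `open("/var/log/snort/fast_alert.txt")` to `home_hosts` in place of the sample lines and set `SENSOR_IP` to the Snort machine's address.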