Hello everyone!

 

I am new to Snort 3 and we are preparing to build Snort Servers to monitor a few different VLANs that are on their own network interface.  We will have this same setup at about 3 other sites and that data will be sent to a Wazuh server.  When configuring snort 3 to passively monitor each network interface/VLAN, should we run one instance of snort and have it monitor the three different VLANs, or should we have a separate instance for each VLAN? 

 

- Email: orenk@macc.edu