I have an ESXi machine where I host a number of servers. I have a physical network with a number of devices and a few other servers. What I am trying to do is to mirror the physical network data to a Snort VM running on ESXi so that I can monitor the physical network and generate alerts. The data flow would look something like this:
Meraki Switch Mirror Port -> ESXi Physical Port -> vSwitch -> Snort Network Port
So far I am unable to find any kind of documentation outlining how to pass mirror data into the ESXi system. There are tons of articles on how to set up Snort to monitor vSwitch environments. It seems odd to me that people wouldn’t want to pass the data to a VM considering how much this kind of architecture simplifies the network.