
I'm working with KVM 0.14.1 on an Ubuntu Lucid x64 box. I've got 3 VLANs configured, one that is a bridge to the host's eth1. The others are host-only.

I want to start playing with Snort. Is there a way to configure a 'mirror' port into/onto one of the VLANs from/to a KVM virtual machine?

Thanks in advance.

HopelessN00b
user52874

1 Answer


If I understand what you're after, then all you need to do is build a bridge on the VLAN you want to listen to, and add a NIC to the VM that will be plugged into that bridge. The reason is simple - bridged interfaces are set in promiscuous mode, and should be forwarding all bcast traffic to the VM.

dyasny
  • hm...considered this but I don't think that will exactly do what I want. I'm basically trying to replicate Cisco's SPAN (aka port mirroring). – user52874 Oct 28 '11 at 23:05
  • that said, I'm thinking something like openvswitch may be an easy way to go. – user52874 Oct 28 '11 at 23:05
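
Added illustration, not part of the original thread: a small Python model of why a sensor NIC plugged into a MAC-learning bridge sees different traffic than a SPAN/mirror port, which is the gap the comments point at. The port names, MAC addresses and sample frames are constructed, and the bridge model is a simplification (no ageing, no VLAN tags).

```python
# Added illustration: frame delivery on a MAC-learning bridge vs. a SPAN (mirror) port.
# Port names, MAC addresses and frames below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Minimal learning bridge: learn source MACs, flood unknown/broadcast."""

    def __init__(self, ports, mirror_to=None):
        self.ports = list(ports)
        self.mirror_to = mirror_to  # SPAN destination port, or None
        self.fdb = {}               # MAC address -> port it was learned on

    def forward(self, in_port, src, dst):
        """Return the set of ports that receive a copy of this frame."""
        self.fdb[src] = in_port                   # learn where the sender lives
        if dst != BROADCAST and dst in self.fdb:
            out = {self.fdb[dst]} - {in_port}     # known unicast: one port only
        else:
            out = set(self.ports) - {in_port}     # broadcast/unknown: flood
        if self.mirror_to and in_port != self.mirror_to:
            out.add(self.mirror_to)               # SPAN: always copy to the monitor
        return out


def sensor_visibility(mirror):
    """Replay constructed traffic; return the frames that reach the 'snort' port."""
    br = LearningBridge(["vm-a", "vm-b", "snort"],
                        mirror_to="snort" if mirror else None)
    mac_a, mac_b = "52:54:00:00:00:0a", "52:54:00:00:00:0b"
    frames = [
        ("arp-request", "vm-a", mac_a, BROADCAST),
        ("arp-reply",   "vm-b", mac_b, mac_a),
        ("tcp-syn",     "vm-a", mac_a, mac_b),
        ("tcp-synack",  "vm-b", mac_b, mac_a),
    ]
    return [name for name, port, src, dst in frames
            if "snort" in br.forward(port, src, dst)]


if __name__ == "__main__":
    print("plain bridge port:", sensor_visibility(mirror=False))
    print("mirror port:      ", sensor_visibility(mirror=True))
```

On the plain bridge the sensor port receives only the flooded broadcast; with a mirror port it receives every frame, which is what an IDS such as Snort needs to inspect unicast conversations between other hosts.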