Hello Folks
I would like to install a NIDS (SNORT) to analyze the traffic of my VMS but I don't know how to configure my Vcenter to mirror all the traffic from all VMs to Snort VM.
Let me introduce you to how my environment is
We have 6 Vlans
Vlan10 (ID 10)
Vlan20 (ID 20)
Vlan30 (ID 30)
Vlan40 (ID 40)
Vlan50 (ID 50)
Vlan60 (ID 60)
We are using a DVS to connect all environment and the Snort VM is in Vlan10
Thanks for all your help
You can create a port mirror on the vDS to mirror traffic from all port groups to another portgroup where only the Snort VM is attached to.
More information about port mirroring can be found in the vsphere documentation
Hello Erik
First of all thanks for your help.
Let me tell what a did...
I created a new port group call promisc with promiscuous mode and vlan id 10 and assigns the vm snort to this port group.
I have a doubt about the correct type of mirroring . Is the correct option to cohose a mirroring in my case is " Distributed Port Mirroring" or "Remote Mirroring Destination" ?
Thanks and regards
