From owner-freebsd-questions Tue Feb 12 16:27:34 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from TheWorld.com (pcls2.std.com [199.172.62.104])
	by hub.freebsd.org (Postfix) with ESMTP id 5A1F037B402
	for ; Tue, 12 Feb 2002 16:27:32 -0800 (PST)
Received: from shell.TheWorld.com (root@shell01.TheWorld.com [199.172.62.241])
	by TheWorld.com (8.9.3/8.9.3) with ESMTP id TAA13091;
	Tue, 12 Feb 2002 19:27:27 -0500
Received: (from lowell@localhost)
	by shell.TheWorld.com (8.9.3/8.9.3) id TAA281667;
	Tue, 12 Feb 2002 19:27:27 -0500 (EST)
Date: Tue, 12 Feb 2002 19:27:27 -0500 (EST)
Message-Id: <200202130027.TAA281667@shell.TheWorld.com>
X-Authentication-Warning: shell01.TheWorld.com: lowell set sender to lowell@shell01.TheWorld.com using -f
From: Lowell Gilbert
To: twigles@yahoo.com
Cc: freebsd-questions@FreeBSD.ORG
In-reply-to: <20020212235235.46977.qmail@web10105.mail.yahoo.com>
	(message from twig les on Tue, 12 Feb 2002 15:52:35 -0800 (PST))
Subject: Re: quasi-newbie question #1 answered
References: <20020212235235.46977.qmail@web10105.mail.yahoo.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Date: Tue, 12 Feb 2002 15:52:35 -0800 (PST)
> From: twig les
>
> Actually you solved the mystery but I'm still stuck.
> At home I'm running a Cisco 2924 with both cards in
> the same vlan and I forgot about that pesky TCP/IP
> thingy. I'll tinker with isolating the monitoring
> port (the one with rl1) in say...vlan 100 and have it
> monitor vlan 1 (everything else).

The snorting interface really should not be able to communicate with
anything anyway. You shouldn't need to configure *any* IP addresses
on that interface, should you?

> Unfortunately my production server is under my direct
> and complete control in every sense of the word. I
> can't simply start vlanning things on a core switch in
> a datacenter just cause it suits me.
>
> So now I need to figure out if I can simply kill that
> stupid message. Is there anything I can
> do/read/config in kernel to make this thing stop?

Sure. You've got the source. There's probably some sort of knob for
it without even changing the source, but it's the kind of ugly hack
that's better off not being advertised even if it exists...

Good luck.