1. Run alienvault-setup and Jail Break OSSIM Server to allow you command line access
2. First IP your second interface card that will not be used for management eth#
# ifconfig eth0 192.168.1.5 netmask 255.255.255.0 up
# ifconfig eth0
3. Edit your /etc/ossim/ossim_setup.conf. Under [sensor], add your new interface to the interfaces interfaces=eth0, eth1
4. Add ip of the second network card to ip under sensor and framework
[sensor]
detectors=ossec-single-line, prads, pam_unix, suricata, ssh, sudo
ids_rules_flow_control=yes
interfaces=eth0, eth1
ip=192.168.1.5
monitors=nmap-monitor, ntop-monitor, ossim-monitor
mservers=no
name=alienvault
netflow=yes
netflow_remote_collector_port=555
networks=192.168.0.0/16,172.16.0.0/12,10.0.0.0/8
tzone=US/Eastern
[framework]
framework_https_cert=default
framework_https_key=default
framework_ip=192.168.1.2
5. run ossim-update so OSSIM will reconfigure
6. Now if you go to the management address and login you should see traffic from second network card.