We currently have a Snort IDS installed in an environment with only one switch. The monitor session config for this is below

monitor session 1 source vlan 34
monitor session 1 destination interface Gi1/5
monitor session 1 filter packet-type good rx

We are adding another three switches into the environment and would like to sniff traffic from all four switches without and additional IDS devices or NICs if possible. My intention is to configure the new switches as follows...

monitor session 1 source vlan 34
monitor session 1 destination remote vlan 35

And then alter the config on the switch to which the IDS is connected as follows...

monitor session 1 source vlan 34
monitor session 1 destination remote vlan 35
monitor session 1 filter packet-type good rx
monitor session 2 destination interface Gi1/5
monitor session 2 source remote vlan 35
monitor session 2 filter packet-type good rx

The original config was done by a former colleague so I just wanted to check whether this was the best way of doing it.

Also, should I remove the monitor session x filter packet-type good rx so that the IDS sees all packets? I would have thought that you want your IDS to see all packets? This command appears to be a default and appears any time I configure a monitoring session.

I'm running cat4500-ipbasek9-mz.122-54.SG1.bin on a Cisco 4948