[Snort-devel] Patch to have unified2 outputs for multiple snort instances

Russ Combs rcombs at ...402...
Thu Feb 14 12:06:44 EST 2013


Thanks.  This is normally done by using snort -l <instance-directory>.
Have you tried that?

On Thu, Feb 14, 2013 at 10:26 AM, Guido Hungerbuehler <guh at ...3369...> wrote:

> Hi
>
> I just wrote a patch which allows multiple snort instances to run in
> parallel. With this patch it is possible to only have one config file and
> still the unified2 output is directed to multiple files, each with the
> instance identifier.
>
> Just use the -G argument to specify the instance id.
>
> cheers
> guido
>
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130214/c71010f7/attachment.html>


More information about the Snort-devel mailing list