[Snort-users] Snort on multiple interfaces

Chris Eidem jceidem at ...2191...
Wed Oct 10 11:05:13 EDT 2001


Michael,

I was having problems with multiple interfaces logging to the 
same file (basically, the file would lose its grip and I would
be unable to read it with {tcpdump,snort,ethereal}).  Make sure 
that you start up each instance of snort to write to different
files and you'll do just fine.

i.e:
snort -A fast -b -i fxp0 -c snort.conf -l /var/log/snort/fxp0 -D
snort -A fast -b -i fxp1 -c snort.conf -l /var/log/snort/fxp1 -D

not:
snort -A fast -b -i fxp0 -c snort.conf -D
snort -A fast -b -i fxp0 -c snort.conf -D

HTH,
Chris

> -----Original Message-----
> From: Reeves, Michael (GEAE, Compaq) [mailto:michael.reeves at ...3457...]
> Sent: Wednesday, October 10, 2001 12:06 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] Snort on multiple interfaces
> 
> 
> I am about to deploy snort with 2 promiscuous nics in it. 
> Will I run into
> any issues when both sensors are trying to write to the alert 
> log on the
> local machine? I need these logs for dsheild and aris. I know 
> from logging
> to the database there are no issues. Anyone have any problems?
> 
> Mike




More information about the Snort-users mailing list