[Snort-users] AW: (Snort-users) Snort on multiple interfaces

sandro.poppi at ...3316... sandro.poppi at ...3316...
Mon Oct 15 00:16:07 EDT 2001


> I am about to deploy snort with 2 promiscuous nics in it.
> Will I run into
> any issues when both sensors are trying to write to the alert
> log on the
> local machine? I need these logs for dsheild and aris. I know
> from logging
> to the database there are no issues. Anyone have any problems?
>
I'm running 5 sensors on one machine logging to syslog. As long as you use the
output alert_syslog facility there should be no problem since your syslogd is
designed for this configuration.

If you want to use a single file for all sensor I would recommend sending the
alerts to own files per sensor and merge them using a short shell script.

HTH,
Sandro





More information about the Snort-users mailing list