[Snort-users] Multiple Processes - Snort

Sonika Malhotra sonikam at ...4044...
Thu Mar 14 03:09:12 EST 2002


Hello List,
    Is it possible that to decouple the logging and analysis stage of
snort , i can run two different processes of snort. one in logger mode
writing to tcpdump file and other in the NIDS mode to only analyze the
file .
    i.e. one process will read the tcpdump file and other will write to
it.
    just an idea to reduce packet loss..may be this would increase
efficiency of snort in high speed N/w.
thanx.
sm.






More information about the Snort-users mailing list