[Snort-users] Multiple Snort sensors
erek at ...577...
Mon Mar 25 10:10:11 EST 2002
On Mon, 25 Mar 2002, FGALAN wrote:
> I would like if it is posible to have multiple Snort sensors
> running simultaneously in different hosts outputing logs to
> the same place or if it nos possible due to some concurrence
> I mean,
> snort -l log [...] in host1
> snort -l log [...] in host2
> snort -l log [...] in host3
> where log is a shared directory (via NFS, for example).
If you aren't using binary logging, you could be in for a bit of trouble. If
one sensor needed to lock a file, then the others wouldn't be able to write to
it--If you're using NFS that is.
You could use NFS and binary log modes to generate 3 different files, one per
sensor and then split each of those out via a 4th snort process on the nfs
Or you could use barnyard and send it all off to backend DB.
*shrug* Lotsa ways to do it!
More information about the Snort-users