[Snort-users] Multiple snorts same monitoring point

bacolod85 bacolod85 at ...131...
Mon May 5 20:31:03 EDT 2003


Requirement: Supply access to several (say 3)
_isolated_ sets of snort output (same monitoring
point) to be used to compare the ability of different
"solutions" to analyze the output.  Output supplied to
all must be identical.

SMP systems with 4 NICs available.  For grins I tried
running VMWare and 3 virtual Linux systems all
listening to the same physical NIC.  Oddly enough,
they all "see" things a little differently.  Linux
ethernet packet counters ('ifconfig') list different
packet counts so I believe it's NOT a snort problem
(likely VMWare or NIC drivers).

Does anyone know of a cleaner way to accomplish this?

Maybe sending snort to syslog then remote syslogging
to 3 other systems?

-ews
