[Snort-users] Multiple Win32 occurances?

Michael Steele michaels at ...9077...
Wed Nov 26 07:57:03 EST 2003


This is on a windows box, and you are talking UNIX :-)

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels at ...9077...    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Paul Schmehl
> Sent: Tuesday, November 25, 2003 7:12 PM
> To: Rich Adamson; Snort Users Postings
> Subject: Re: [Snort-users] Multiple Win32 occurances?
> 
> --On Tuesday, November 25, 2003 20:08:18 -0600 Rich Adamson
> <radamson at ...2127...> wrote:
> 
> >
> >> > Anyone tried to monitor two or more nic's from a single Win32 snort,
> >> > or, run two Win32 snort images (one on each nic)? Problems / issues?
> >> >
> >> How about two snort instances on one nic?  I'm doing that with no
> >> problems.
> >
> > Cool... off to play...
> 
> Well, if you're going to do that, here's a couple of learned lessons:
> 
> 1) I created a symlink to the "real" snort binary and named it
> "snort_special".
> 2) I created "snort_special" conf files, ACID directory, start scripts,
> etc., etc.
> 3) I use the -R switch on the special instance so the two instances use
> separate PIDs.  Otherwise you'll have problems with disk usage "growing"
> uncontrollably, and the only way to correct it is to stop both instances
> and allow disk usage (according to df) to shrink back to normal size.
> 
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list