[Snort-users] More Snort Stuff

Keith W. McCammon mccammon at ...11827...
Mon Jul 26 06:28:08 EDT 2004


Running multiple instances is probably your best bet (partly because I
think it's your only choice).  And even if it wasn't your only
choice...

Remember that each interface is assumed to be watching either 1) a
unique network or 2) the same network as another interface, but
performing in a different capacity.  Starting multiple instances from
one config would be pretty complicated, considering that most of your
variables will vary (heh) and that your rules will likely be slightly
different (or entirely different, in some cases).

----- Original Message -----
From: Bill Parker <dogbert at ...11664...>
Date: Sun, 25 Jul 2004 19:33:23 -0700
Subject: [Snort-users] More Snort Stuff
To: snort-users at lists.sourceforge.net

 
Hi again, 
  
    I added the supress lines for the traffic in question, and it's
been banished.  I also went and purchased the
Snort 2.1 Book (2nd Ed.) and have read chapters 1 and 2 so far.  I was
wondering, I can get a 2nd occurance
of snort to run if I start up another process at the command line, but
does anyone have a modification for the
snort script in /etc/init.d if you want to start multiple occurances
(i.e. - a sensor on eth1, eth2, etc)?
  
I'm starting to find out more about the pig, and this list (and the
book) are pretty useful for IDS info.
  
Bill




More information about the Snort-users mailing list