[Snort-users] Barnyard2 and multiple sensors
r.fulton at ...3809...
Thu Oct 28 23:39:55 EDT 2010
On 21/10/2010, at 5:18 PM, Joel Esler wrote:
> Run two instances of Barnyard as well.
OK, reworked all my scripts to handle multiple instances of barnyard but I have just realised that I can't find anyway of telling barnyard2 which sid to use. Nor does it allow a filter option as barnyard (acid output plugin) did.
So if you are splitting traffic on a single interface between two snort instances how do we configure barnyard2 so that it does not trip over itself with respect to sids.
I have poked though the source and played with putting the filters on the command line but am really none the wiser -- anything I put on the commandline seems to be ignored completly.
More information about the Snort-users