[Snort-users] Barnyard2 and multiple sensors

Russell Fulton r.fulton at ...3809...
Thu Oct 28 23:39:55 EDT 2010

On 21/10/2010, at 5:18 PM, Joel Esler wrote:

> Run two instances of Barnyard as well.

OK, reworked all my scripts to handle multiple instances of barnyard but I have just realised that I can't find anyway of telling barnyard2 which sid to use.  Nor does it allow a filter option as barnyard (acid output plugin) did.

So if you are splitting traffic on a single interface between two snort instances how do we configure barnyard2 so that it does not trip over itself with respect to sids.

I have poked though the source and played with putting the filters on the command line but am really none the wiser -- anything I put on the commandline seems to be ignored completly.

