[Snort-users] Multiple snorts & Barnyard2

beenph beenph at ...11827...
Thu Jun 21 12:10:37 EDT 2012


On Thu, Jun 21, 2012 at 11:47 AM, Peter Bates <peter.bates at ...15381...> wrote:
> Hello all
>
> I was just wondering if I was missing any tricks here
> - and interested if anyone is doing things differently.
>
> I'm spawning multiple Snort processes - with a different
> -l to write unified2 output into separate directories.
>
> As a result I'm running multiple Barnyard2 processes, each reading the
> directories in continuous mode - and writing to DB and Syslog.
>
> Is this the optimal way of doing things, or am I missing a crafty
> command-line option somewhere?
>

It is currently the best way to handle things.

I personally think it's a good way to be able to manage instances
separately even if barnyard2 is not involved in the process, for
signature, configuration, etc...

Logging unified2 files of multiple snort processes in a single directory,
even if you would have different prefixes, could
lead to potential errors when trying to manually manipulate the files,
for example.

-elz



> --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT

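The layout discussed in this thread, sketched as an added example (not code from either poster or from the Snort or Barnyard2 projects): one log directory per Snort instance, each read by its own Barnyard2 with its own waldo bookmark file. Naming instances by interface, the paths and the `snort.u2` base name are assumptions.

```shell
#!/bin/sh
# Added example: pair every Snort instance with a dedicated Barnyard2 reader.
# All paths and names below are assumptions; adjust to the local install.
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
BY2_CONF="${BY2_CONF:-/etc/snort/barnyard2.conf}"
# Must match the "output unified2: filename ..." line in snort.conf.
U2_BASE="${U2_BASE:-snort.u2}"

# plan_instances IFACE...
# Prints one snort and one barnyard2 command line per interface.
# Returns 1 on a duplicate instance (two Snort processes would share a
# log directory) and 2 on a name that is unsafe to use as a path component.
plan_instances() {
    seen=" "
    for iface in "$@"; do
        case "$iface" in
            ""|.|..|*[!A-Za-z0-9._-]*)
                echo "bad interface name: $iface" >&2
                return 2 ;;
        esac
        case "$seen" in
            *" $iface "*)
                echo "duplicate instance: $iface" >&2
                return 1 ;;
        esac
        seen="$seen$iface "
        dir="$LOG_ROOT/$iface"
        # -l gives this Snort process its own unified2 directory.
        echo "snort -c $SNORT_CONF -i $iface -l $dir"
        # -d/-f/-w: spool directory, base file name, waldo bookmark, so this
        # reader follows only its own instance's files and resumes after restart.
        echo "barnyard2 -c $BY2_CONF -d $dir -f $U2_BASE -w $dir/barnyard2.waldo"
    done
}

# When run as a script, print the plan for the interfaces given as arguments.
if [ "$#" -gt 0 ]; then plan_instances "$@"; fi
```

The printed commands run in the foreground; start each pair under whatever service manager the sensor already uses.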


