[Snort-users] (no subject)

Naresh Narang nnarang at ...15655...
Thu Jun 21 13:06:31 EDT 2012

Ok case in point. I have to monitor traffic coming in on two NICs. Can I monitor with one instance running?

Sent from my iPhone

On Jun 21, 2012, at 9:52 AM, "Kungu Panda" <kungupanda at ...11827...> wrote:

> I am using a single instance of snort to write-out multiple unified
> files and then using multiple barnyard2 instances to send to both
> syslog and mysql.  Basically sending alerts to a prime and backup
> monitoring stations.  No issues or problems; drop two "output
> unified2: xxx" directives in snort.conf.
> Not sure why anyone would need multiple instances of snort to achieve
> the same result.  In fact, it would seem to be wildly inefficient to
> run multiple instances of snort to inspect the same traffic.  Of
> course, you may have systems and cpu's to burn.
> KPanda.
> -----Original Message-----
> From: Peter Bates [mailto:peter.bates at ...15381...]
> Sent: Thursday, June 21, 2012 15:48
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Multiple snorts & Barnyard2
> Hash: SHA1
> Hello all
> I was just wondering if I was missing any tricks here
> - - and interesting if anyone is doing things differently.
> I'm spawning multiple Snort processes - with a different
> - -l to write unified2 output into seperate directories.
> As a result I'm running multiple Barnyard2 processes, each reading the
> directories in continuous mode - and writing to DB and Syslog.
> Is this the optimal way of doing things, or am I missing a crafty
> command-line option somewhere?
> - --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list