[Snort-users] Multiple snorts

Peter Bates peter.bates at ...15381...
Sat Apr 20 12:20:38 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 20/04/2013 14:25, Rick Mollard wrote:
> Are there any guides out there for running multiple instances of
> snort on the same box?

I think there's a link from the snort.org documents, but you could
look at:
http://www.metaflows.com/technology/10-gbps-pf_ring-2/

In a nutshell -
1) Use PF_RING to load-balance the traffic between instances
2) Run multiple Snorts writing unified2 logfiles
3) Run mulitple instances of Barnyard2 to read the files if you want
to put them into a database

You could also look into SecurityOnion which I believe does all of the
above for you.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRcsBWAAoJELhVoVpEMS6RpIwIAIGggEleRQoQ5BE5fFX/vqrP
+cWFjqLJY3Wyhni9qQTPEd0mtBmuHZg8ixKj07b/b4X4frbup8As04nJtmnYSDvh
GHaWhPiUEMw1BfFJQRXRnREdZ/lUu3OEsXk4BDFPABR/Dk1UG3SJc1dcv2fDxEMe
9z8BoZWNNClnRB0OQVsuIH6jDKbwuVTNdrmkOmxYFDF7cPw0eNQz5bS9DBtM6W6U
iceHUkLBiHpP/R5SpcZgjXG9JP+SI0U07jFB9WTYa5oxeHFXkVEDIJf4gzQiCNg4
B6R+G1+MfiJrVy6JQNaYVlGy1R1rDHNCcl5Fdf8m4MtynABT/+xbE9PA2csBHFM=
=1bcG
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list