[Snort-users] multiple interface server, snort & barnyard

Y M snort at ...15979...
Mon Jul 1 11:00:16 EDT 2013


If you will be running multiple snort processes, then you will need to run the same number of barnyard2 processes, one for each snort process. In each barnyard2 conf. file, make sure to add the sensor name in your database connection, such that:
 
barnyard1.conf --> sensor_name=sensor1
barnyard2.conf --> sensor_name=sensor2
barnyard3.conf --> sensor_name=sensor3
 
Also, make sure that your snort output directories are separate, such that:
 
for snort1 --> /var/log/snort/snort1
for snort2 --> /var/log/snort/snort2
for snort3 --> /var/log/snort/snort3
 
If you will be using multiple snort conf files, then refere to the documentation: http://manual.snort.org/node25.html
 
Hope this give a good start. Thanks.
YM
 
Date: Fri, 28 Jun 2013 11:07:18 -0400
From: dwmetz at ...11827...
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] multiple interface server, snort & barnyard

looking for documentation on how to use multiple interfaces for traffic capture (receiving from different network segments) and use barnyard2 for output to snort DB.
i've got it working fine for a single interface but am getting hung up in trying to figure how to get multiples operating at the same time.






------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news! 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130701/aa532d40/attachment.html>


More information about the Snort-users mailing list