[Snort-users] Barnyard2 setup question (I'm not getting alerts from both instances)

Avery Rozar Avery.Rozar at ...16118...
Mon Apr 14 10:22:19 EDT 2014


I have two snort instances (snort00, and snort01) running, inline for dna0:dna1, and inline for dna2:dna3.

Snort instance 0 logs to snort00 (unified2)
Snort instance 1 logs to snort01 (unified2)

Barnyard2 instance 0 picks up snort00, and writes to alert0
Barnyard2 instance 1 picks up snort01, and writes to alert1

Should I only have one barnyard2 instance? It seems that I'm only getting alerts written to one or the other (alert0, alert1), not both, even if an alert triggers and gets written to the snort00 or snort01 unified2 file.

Thanks,
Avery



