[Snort-users] Multiple DBs, and multithreading

wkitty42 at ...14940... wkitty42 at ...14940...
Tue May 2 11:58:03 EDT 2017


On 05/02/2017 06:25 AM, Abdullah AL-Mutairy wrote:
>
> Hello everyone!
>
> Does snort support using multiple databases? Let's say i have my own database
> that i would like snort to check it first before its default database.

snort doesn't do databases directly since a very long time... the task of 
placing alerts into a database is relegated to some other tool like barnyard2 or 
similar... writing alerts to more than one database is up to your tool's 
configuration... reading those alerts from more than one database is up to your 
analysis tools...

> Does snort 2.9 have multithreading feature? If not, i could simulate that by
> running two processes at same time, but it might not work if answer of
> question 1 is no.

you can have more than one snort running at a time... you can also have more 
than one barnyard2 running at a time... each will have their own configurations 
so it is conceivable that you can have one snort's alerts being written to one 
database while the other snort's alerts are written to another database...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list