Snort mailing list archives
RE: Snort on multiple interfaces
From: "Chris Eidem" <jceidem () dexma com>
Date: Wed, 10 Oct 2001 13:01:50 -0500
Michael,

I was having problems with multiple interfaces logging to the same file (basically, the file would lose its grip and I would be unable to read it with {tcpdump,snort,ethereal}). Make sure that you start up each instance of snort to write to different files and you'll do just fine.

i.e.:

    snort -A fast -b -i fxp0 -c snort.conf -l /var/log/snort/fxp0 -D
    snort -A fast -b -i fxp1 -c snort.conf -l /var/log/snort/fxp1 -D

not:

    snort -A fast -b -i fxp0 -c snort.conf -D
    snort -A fast -b -i fxp0 -c snort.conf -D

HTH,
Chris
-----Original Message-----
From: Reeves, Michael (GEAE, Compaq) [mailto:michael.reeves () ae ge com]
Sent: Wednesday, October 10, 2001 12:06 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort on multiple interfaces

I am about to deploy snort with 2 promiscuous NICs in it. Will I run into any issues when both sensors are trying to write to the alert log on the local machine? I need these logs for dshield and aris. I know from logging to the database there are no issues. Anyone have any problems?

Mike
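
Added example (not part of the original message and not Snort's own tooling): a small shell check that takes the snort command lines you plan to start and reports any log directory that more than one instance would write to. It assumes an instance started without -l logs to Snort's default of /var/log/snort; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find snort instances that would share a log directory.
# Assumption: without -l, snort logs to its default, /var/log/snort.
DEFAULT_LOGDIR=/var/log/snort

# Print the log directory one snort command line would use.
snort_logdir() {
    dir=$DEFAULT_LOGDIR
    set -- $1                      # split the command line into words
    while [ $# -gt 0 ]; do
        case $1 in
            -l)   if [ $# -ge 2 ]; then dir=$2; shift; fi ;;
            -l?*) dir=${1#-l} ;;   # attached form, e.g. -l/var/log/x
        esac
        shift
    done
    printf '%s\n' "$dir"
}

# Read snort command lines on stdin, one per line. Print every log
# directory used by more than one instance; return 1 if there is one.
shared_logdirs() {
    dups=$(while IFS= read -r line; do
               if [ -n "$line" ]; then snort_logdir "$line"; fi
           done | sort | uniq -d)
    if [ -z "$dups" ]; then return 0; fi
    printf '%s\n' "$dups"
    return 1
}

check() {   # usage: check "$COMMANDS"
    printf '%s\n' "$1" | shared_logdirs
}

# The two sets of command lines from the message above.
GOOD='snort -A fast -b -i fxp0 -c snort.conf -l /var/log/snort/fxp0 -D
snort -A fast -b -i fxp1 -c snort.conf -l /var/log/snort/fxp1 -D'
BAD='snort -A fast -b -i fxp0 -c snort.conf -D
snort -A fast -b -i fxp0 -c snort.conf -D'

check "$GOOD" && echo "first set: every instance has its own log directory"
check "$BAD"  || echo "second set: the directory above is shared"
```
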