Snort mailing list archives

Re: Win32 - multiple interfaces?


From: "Scot Scot" <scotw () hotmail com>
Date: Thu, 1 Jan 2004 14:50:58 -0600

----- Original Message ----- 
From: "Rich Adamson" <radamson () routers com>
To: "'Snort Users List'" <snort-users () lists sourceforge net>; "Michael
Steele" <michaels () winsnort com>
Sent: Thursday, January 01, 2004 1:47 PM
Subject: RE: [Snort-users] Win32 - multiple interfaces?


Thanks Mike..

Q1: You can't detect two interfaces with one Snort instance.

Note: Throw some more RAM in and run 2 Snorts

I'm going to set up one instance to run as a Service. Are your instructions
at your site now?

When that's all done, looks like I'll take another run at updating
the README.WIN32 stuff. Been a few changes since I wrote that original
one. :)

Rich

<snip>

How about running both instances as a service?

Here is a recommendation:

Use instsrv.exe and srvany.exe from the NT Resource kit

Step-1, execute the following commands:

instsrv srvany %windir%\srvany.exe
instsrv snort1 %windir%\srvany.exe
instsrv snort2 %windir%\srvany.exe

Step-2, build two .reg files for each snort instance and import them into
the registry:
(You will have to fill in the %%'s with your own values)

--begin reg1 file---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snort1\Parameters]
"Application"="%snortdrive%\\%snortdir1%\\snort.exe"
"AppParameters"="-i%interface% -de -c %snortdrive%\\%snortdir1%\\snort.conf -l %snortdrive%\\snort1\\log"
"AppDirectory"="%snortdrive%\\snort1"
--end reg1 file---

--begin reg2 file---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snort2\Parameters]
"Application"="%snortdrive%\\%snortdir2%\\snort.exe"
"AppParameters"="-i%interface% -de -c %snortdrive%\\%snortdir2%\\snort.conf -l %snortdrive%\\snort2\\log"
"AppDirectory"="%snortdrive%\\snort2"
--end reg2 file---

Scot Wiedenfeld
Just my 2.0134 cents worth (tax included)
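
One way to generate the Step-2 .reg text so that every string value stays on one line and backslashes are doubled, including install paths that contain spaces. This is an added example, not part of the original post; the service names, paths and interface numbers are constructed sample values.

```python
# Renders the srvany "Parameters" .reg text for one Snort service instance.
# Value names (Application, AppParameters, AppDirectory) and Snort switches
# (-i, -de, -c, -l) are the ones used in the post; everything else is assumed.

def reg_escape(value):
    # Inside a .reg string value, backslash and double quote must be escaped.
    return value.replace("\\", "\\\\").replace('"', '\\"')

def quote_arg(path):
    # Quote a command-line argument only when it contains whitespace.
    return '"' + path + '"' if any(c.isspace() for c in path) else path

def srvany_reg(service, snort_dir, interface, work_dir, log_dir):
    if not service.isalnum():
        raise ValueError("service name must be alphanumeric")
    for v in (snort_dir, interface, work_dir, log_dir):
        if "\r" in v or "\n" in v:
            raise ValueError("values must not contain line breaks")
    base = snort_dir.rstrip("\\")
    exe = base + "\\snort.exe"
    conf = base + "\\snort.conf"
    params = "-i%s -de -c %s -l %s" % (interface, quote_arg(conf), quote_arg(log_dir))
    key = ("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
           + service + "\\Parameters")
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        "[" + key + "]",  # key paths keep single backslashes
        '"Application"="%s"' % reg_escape(exe),
        '"AppParameters"="%s"' % reg_escape(params),
        '"AppDirectory"="%s"' % reg_escape(work_dir),
    ]
    return "\n".join(lines) + "\n"

# Constructed sample instances: (service, snort_dir, interface, work_dir, log_dir)
INSTANCES = [
    ("snort1", r"C:\Program Files\Snort1", "1", r"C:\snort1", r"C:\snort1\log"),
    ("snort2", r"C:\Snort2", "2", r"C:\snort2", r"C:\snort2\log"),
]

if __name__ == "__main__":
    for inst in INSTANCES:
        print(srvany_reg(*inst))
```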

