Snort mailing list archives
Re: Multiple instances of snort on a bonded interface
From: Miles Stevenson <miles () mstevenson org>
Date: Fri, 11 Jun 2004 11:45:16 -0400
On Thursday 10 June 2004 05:51 pm, Corey Rock wrote:
> Now, what you seem to really be asking is how to get snort to dump a binary pcap file. You can tell snort (in snort.conf) to log to mysql and to a binary pcap file, without having to run another instance of snort.

Thanks for the advice. I apologize for not detailing my question enough. I was actually hoping to run 2 different instances of snort, each with different signature configurations. I have separate snort.conf files set up for each instance. Still can't get the 2nd one to capture traffic. Maybe I'll have a chance to play with Snot and try to generate specific alerts on the other instance. But this is on a production LAN, so I may not get the chance. =(

But you are right in the end. If I can't get this to work, I'm just going to have to bite the bullet and have one instance log in both formats.

--
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63