Snort mailing list archives

Re: Problem with using 2 sensors


From: Joel Esler <jesler () sourcefire com>
Date: Tue, 27 Sep 2011 17:48:05 -0400


On Sep 27, 2011, at 5:15 PM, Lay, James wrote:

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Tuesday, September 27, 2011 2:57 PM
To: Lay, James
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Problem with using 2 sensors

If you run snort with -D, you shouldn't have to background it..  "&".

J

On Sep 27, 2011, at 4:27 PM, Lay, James wrote:


<snip>

Hey Joel, does snort have a -E option?  2.9.1 only shows a -e, Display
the second layer header info.  Thanks.

USAGE: snort [-options] <filter options>
Options:
        -A         Set alert mode: fast, full, console, test or none  (alert file alerts only)
                   "unsock" enables UNIX socket logging (experimental).
        -b         Log packets in tcpdump format (much faster!)
        -B <mask>  Obfuscated IP addresses in alerts and packet dumps using CIDR mask
        -c <rules> Use Rules File <rules>
        -C         Print out payloads with character data only (no hex)
        -d         Dump the Application Layer
        -D         Run Snort in background (daemon) mode
        -e         Display the second layer header info
        -f         Turn off fflush() calls after binary log writes
        -F <bpf>   Read BPF filters from file <bpf>
        -g <gname> Run snort gid as <gname> group (or gid) after initialization
        -G <0xid>  Log Identifier (to uniquely id events for multiple snorts)
<snip>

Nope.
