Snort mailing list archives
Re: (no subject)
From: Naresh Narang <nnarang () guardiananalytics com>
Date: Thu, 21 Jun 2012 10:06:31 -0700
Ok case in point. I have to monitor traffic coming in on two NICs. Can I monitor with one instance running?

--Naresh

Sent from my iPhone

On Jun 21, 2012, at 9:52 AM, "Kungu Panda" <kungupanda () gmail com> wrote:
I am using a single instance of snort to write-out multiple unified files and then using multiple barnyard2 instances to send to both syslog and mysql. Basically sending alerts to a prime and backup monitoring stations.

No issues or problems; drop two "output unified2: xxx" directives in snort.conf.

Not sure why anyone would need multiple instances of snort to achieve the same result. In fact, it would seem to be wildly inefficient to run multiple instances of snort to inspect the same traffic. Of course, you may have systems and CPUs to burn.

KPanda.

-----Original Message-----
From: Peter Bates [mailto:peter.bates () ucl ac uk]
Sent: Thursday, June 21, 2012 15:48
To: snort-users () lists sourceforge net
Subject: [Snort-users] Multiple snorts & Barnyard2

Hello all

I was just wondering if I was missing any tricks here - and interesting if anyone is doing things differently.

I'm spawning multiple Snort processes - with a different -l to write unified2 output into separate directories.

As a result I'm running multiple Barnyard2 processes, each reading the directories in continuous mode - and writing to DB and Syslog.

Is this the optimal way of doing things, or am I missing a crafty command-line option somewhere?

--
Peter Bates
Senior Computer Security Officer
Phone: +44(0)2076792049
Information Services Division
Internal Ext: 32049
University College London
London WC1E 6BT

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
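The layout described in the quoted message (one Snort process writing two unified2 spools, one Barnyard2 reader per spool) sketched as an added configuration example; it is not taken from any poster's actual setup. The spool base names, size limit, file paths, host names and credentials are assumptions or placeholders.

```conf
# --- snort.conf (fragment): one Snort process, two unified2 spools ---
# Base names and the 128 MB limit are assumed values.
output unified2: filename primary.u2, limit 128
output unified2: filename backup.u2, limit 128

# --- /etc/snort/barnyard2-primary.conf (assumed path) ---
# Map files let Barnyard2 turn gid/sid numbers back into rule messages.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
input unified2
# Local syslog; forward to the monitoring station with the system syslog daemon.
output alert_syslog: LOG_AUTH LOG_ALERT
# Placeholder credentials and host for the primary station's database.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=primary-db.example.internal

# --- /etc/snort/barnyard2-backup.conf (assumed path) ---
# Same as the primary file except for the database host:
# output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=backup-db.example.internal

# --- One Barnyard2 reader per spool ---
# Each reader gets its own waldo (bookmark) file so it tracks its own
# position in its own spool and resumes correctly after a restart.
# /var/log/snort is assumed to be Snort's log directory (-l).
#
# barnyard2 -c /etc/snort/barnyard2-primary.conf -d /var/log/snort \
#           -f primary.u2 -w /var/log/snort/primary.waldo -D
# barnyard2 -c /etc/snort/barnyard2-backup.conf  -d /var/log/snort \
#           -f backup.u2  -w /var/log/snort/backup.waldo  -D
```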