Re: One interface more than one snort process question

[James Lay <jlay () slave-tothe-box net>]

On 2013-06-10 11:06, SnortFan wrote:
> Any takers? Bueller?
>
> Sent from a mobile device.
>
> On May 30, 2013, at 11:45 AM, SnortFan <SnortFan () yahoo com> wrote:
>
> > Hi All,
> >     I have a customer that wants to feed traffic into another tool 
> > from snort but they also want to not have some of the hits from a few 
> > custom rules to not show in base. So I was wondering, can I run a two 
> > snort processes against one interface both with a  different set of 
> > rules or filters?  One process to feed Base and another to capture a 
> > particular group of traffic into another database. Is this possible 
> > and what are the downsides?
> >
> > They don't want to speed $$$ for another server.
> >
> > Thanks,
> > Ed

Yes..you can have two instances of snort running against one NIC...say 
something like snort1.conf and snort2.conf, make sure the output lines 
aren't the same ;)

James

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!