Snort mailing list archives

Re: Multiple snorts


From: Peter Bates <peter.bates () ucl ac uk>
Date: Sat, 20 Apr 2013 17:20:38 +0100



Hello all

On 20/04/2013 14:25, Rick Mollard wrote:
> Are there any guides out there for running multiple instances of
> snort on the same box?

I think there's a link from the snort.org documents, but you could
look at:
http://www.metaflows.com/technology/10-gbps-pf_ring-2/

In a nutshell -
1) Use PF_RING to load-balance the traffic between instances
2) Run multiple Snorts writing unified2 logfiles
3) Run multiple instances of Barnyard2 to read the files if you want
to put them into a database

You could also look into SecurityOnion which I believe does all of the
above for you.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
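The three steps in the message above, sketched as a launch script. This is an added example, not part of the post or the linked guide; the interface name, cluster id, instance count, paths and the `snort.u2` base filename are assumed values, and the PF_RING DAQ module is assumed to be installed where Snort can find it.

```shell
#!/bin/sh
# Added example: N Snort + Barnyard2 pairs sharing one PF_RING cluster.
# All defaults below are assumptions for illustration, not values from the post.
IFACE="${IFACE:-eth0}"
CLUSTER_ID="${CLUSTER_ID:-10}"   # same id on every instance = one cluster
INSTANCES="${INSTANCES:-4}"
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
BY2_CONF="${BY2_CONF:-/etc/snort/barnyard2.conf}"

# Steps 1 and 2: every Snort joins the same PF_RING cluster, so the kernel
# balances flows between them; each is pinned to its own CPU and logs to its
# own directory. snort.conf is assumed to contain:
#   output unified2: filename snort.u2, limit 128
snort_cmd() {
    n="$1"
    echo "snort -D -c $SNORT_CONF -i $IFACE" \
         "--daq pfring --daq-mode passive" \
         "--daq-var clusterid=$CLUSTER_ID --daq-var bindcpu=$n" \
         "-l $LOG_ROOT/$n --pid-path $LOG_ROOT/$n"
}

# Step 3: one Barnyard2 per Snort, with its own spool directory and waldo
# bookmark, so no two readers ever process the same unified2 file.
barnyard_cmd() {
    n="$1"
    echo "barnyard2 -D -c $BY2_CONF -d $LOG_ROOT/$n -f snort.u2" \
         "-w $LOG_ROOT/$n/barnyard2.waldo --pid-path $LOG_ROOT/$n"
}

# Dry run by default (prints the commands); RUN=1 creates the per-instance
# directories and starts the daemons.
i=0
while [ "$i" -lt "$INSTANCES" ]; do
    if [ "${RUN:-0}" = 1 ]; then
        mkdir -p "$LOG_ROOT/$i"
        $(snort_cmd "$i") && $(barnyard_cmd "$i")
    else
        snort_cmd "$i"
        barnyard_cmd "$i"
    fi
    i=$((i + 1))
done
```

Review the printed commands first, then rerun with `RUN=1` as root once the per-instance layout matches the unified2 and database settings in your own configuration files.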

