Re: Barnyard2 issue w/unified2 ?

[beenph <beenph () gmail com>]

On Thu, Aug 15, 2013 at 11:52 AM, John Ives <jives () security berkeley edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeff,
>
> My understanding from my own research is that for each instance of
> snort on a system there needs to be an instance of barnyard2 each with
> its own configuration file.

Each instance Need its own configuration file that will differentiate
each instance
especialy if you log to a database.

If you log to syslog for example you can use only one configuration and spawn
each by2 process with a script loop.


> Supposedly, that is all that is needed.
> However, I have not been able to make it work as all but one of the
> barnyards will eventually crash.

Could you define crash?
Which error was it reporting, etc...


-elz

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!