Snort mailing list archives

Multiple instances of snort -G option


From: Robert Millott <robm () millottandassociates com>
Date: Mon, 14 Jul 2014 10:36:31 -0400

I am running two instances of snort on one machine, to handle the traffic
load.  I have split the traffic using BPF Filters, so one instance sees just
web traffic, while the second instance handles everything else.  I am
running snort 2.9.6 on a Gentoo 3.14.4 host.

I have read in the snort manual about using the -G multiple instance
identifier.  I added this to my command line when starting up snort, using
"-G 1" on the first instance and "-G 2" on the second instance. Snort
starts up and runs just fine, but I don't see anything different in my
output.  I am logging to /var/log/messages and I don't see any "1" or "2"
added in.  I compared snort output with the -G switch to snort output
without the -G output and I don't see a difference.

Anyone out there using this option?  If so, where does that instance
identifier show up?

Thanx

-- 
Robert Millott
President, Millott and Associates
(443) 255-3588