Snort mailing list archives

RE: logging with multiple nics


From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 19 Dec 2001 20:22:34 -0600


As far as I know, no. You will have to have the second Snort process
running in a different directory. The reason is that the alert.ids
file is kept open and cannot be written to by the second process.
(At least it used to.)
 
You can consolidate the logs with different log outputs like Syslog,
MySQL, MSSQL, etc. I highly recommend that if you need to have
centralized logging.
 
Regards,
Frank
 

-----Original Message-----
From: Jamil Farshchi [mailto:jfarshch () hq nasa gov]
Sent: Wednesday, December 19, 2001 12:26 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] logging with multiple nics


Hello,

Will snort allow us to run multiple instances of the program with
each using a separate nic, and log everything to the same directory? 

One host, two nics, two separate snort processes, and have both
processes log to the same directory at the same time. Does snort
automatically modify the filenames to distinguish between the two
interfaces, or would this configuration break something? 

We would like to have everything logged to one directory and keep the
current filename format, but add a simple distinguisher like
snort2-xxxx@xxxx.log for the second nic logs.

Any information on if this is possible with snort (without having to
write an in-house script) would be greatly appreciated.
 


Jamil D. Farshchi 
Information Technology & Security 
NASA Office of Inspector General 
Washington, DC 20546 
Phone: 202.358.1897
Fax: 202.358.2990 
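
The reply above puts each Snort process in its own log directory. As an added example (not part of the original thread and not Snort's own code), this Python script merges the resulting per-interface alert files into one chronological stream tagged by interface. It assumes fast-format alert lines that begin with an MM/DD-HH:MM:SS.usec timestamp and are already in time order within each file; the directory paths, sample alerts and function names are constructed for illustration.

```python
import heapq
import re
from datetime import datetime

# Fast-format alert lines start with MM/DD-HH:MM:SS.usec (there is no year).
TS = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})\s")

# Constructed sample alerts, standing in for two hypothetical per-interface
# files such as /var/log/snort/eth0/alert and /var/log/snort/eth1/alert.
ETH0 = """\
12/19-12:26:01.104233  [**] ICMP PING NMAP [**] 192.0.2.10 -> 198.51.100.5
12/19-12:26:07.550120  [**] SCAN SYN FIN [**] 192.0.2.10:4312 -> 198.51.100.5:22
"""
ETH1 = """\
12/19-12:26:03.000871  [**] ICMP PING NMAP [**] 203.0.113.7 -> 10.0.0.8
not an alert line
12/19-12:26:09.912004  [**] SCAN SYN FIN [**] 203.0.113.7:1045 -> 10.0.0.8:80
"""

def parse(lines, iface, year):
    """Yield (timestamp, iface, line) for each alert line; skip anything else."""
    for line in lines:
        m = TS.match(line)
        if not m:
            continue  # blank line or text that is not an alert
        mo, d, h, mi, s, us = map(int, m.groups())
        yield datetime(year, mo, d, h, mi, s, us), iface, line.rstrip("\n")

def merge_alerts(sources, year):
    """Merge per-interface alert streams into one chronological, tagged list.

    sources maps an interface label to an iterable of lines (an open file
    works). The year is supplied by the caller because the alert timestamp
    does not carry one. Each stream is assumed to be in time order already,
    so a lazy k-way merge is sufficient.
    """
    streams = [parse(lines, iface, year) for iface, lines in sources.items()]
    return [f"{iface} {line}" for _, iface, line in heapq.merge(*streams)]

if __name__ == "__main__":
    sources = {"eth0": ETH0.splitlines(), "eth1": ETH1.splitlines()}
    for row in merge_alerts(sources, 2001):
        print(row)
```
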




