RE: Snort on multiple interfaces

["Chris Eidem" <jceidem () dexma com>]

Michael,

I was having problems with multiple interfaces logging to the 
same file (basically, the file would lose its grip and I would
be unable to read it with {tcpdump,snort,ethereal}).  Make sure 
that you start up each instance of snort to write to different
files and you'll do just fine.

i.e:
snort -A fast -b -i fxp0 -c snort.conf -l /var/log/snort/fxp0 -D
snort -A fast -b -i fxp1 -c snort.conf -l /var/log/snort/fxp1 -D

not:
snort -A fast -b -i fxp0 -c snort.conf -D
snort -A fast -b -i fxp0 -c snort.conf -D

HTH,
Chris

> -----Original Message-----
> From: Reeves, Michael (GEAE, Compaq) [mailto:michael.reeves () ae ge com]
> Sent: Wednesday, October 10, 2001 12:06 PM
> To: 'snort-users () lists sourceforge net'
> Subject: [Snort-users] Snort on multiple interfaces
>
>
> I am about to deploy snort with 2 promiscuous nics in it. 
> Will I run into
> any issues when both sensors are trying to write to the alert 
> log on the
> local machine? I need these logs for dsheild and aris. I know 
> from logging
> to the database there are no issues. Anyone have any problems?
>
> Mike

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users