Snort mailing list archives

Re: Multiple Snort sensors

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 25 Mar 2002 10:09:53 -0800 (PST)

On Mon, 25 Mar 2002, FGALAN wrote:

I would like if it is posible to have multiple Snort sensors
running simultaneously in different hosts outputing logs to
the same place or if it nos possible due to some concurrence
problems.


Yes, BUT....

I mean,

snort -l log [...] in host1
snort -l log [...] in host2
snort -l log [...] in host3

where log is a shared directory (via NFS, for example).


If you aren't using binary logging, you could be in for a bit of trouble.  If
one sensor needed to lock a file, then the others wouldn't be able to write to
it--If you're using NFS that is.

You could use NFS and binary log modes to generate 3 different files, one per
sensor and then split each of those out via a 4th snort process on the nfs
server.

Or you could use barnyard and send it all off to backend DB.

*shrug*  Lotsa ways to do it!

Good luck!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Multiple Snort sensors FGALAN (Mar 25)
- Re: Multiple Snort sensors D.Rajesh Kumar (Mar 25)
- Re: Multiple Snort sensors Erek Adams (Mar 25)
- Re: Multiple Snort sensors Scott Nursten (Mar 26)