Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Rép. : Re: [Snort-users] running 2 instances of snort under Demarc

From: "Ronald Beaulieu" <rbeaulieu () justice gouv qc ca>
Date: Mon, 27 May 2002 07:04:53 -0400
Hello All,

They put a fix out for that last thursday, it is a patch for version 1.6 that also fixes installation problems when the 
sensor is located behind a proxy server and that you choose to do an update of the binaries during the install.

Ronald.


<SkatFiend () aol com> 23/05/02 10h00 >>>

To all of you who may be interested I did inquire of Demarc and here is the 
answer:

Question:

Win2K & Demarc v1.6 server, with a multi-homed box, how can I get Demarc to 
run 2 instances of snort at the same time, one for each NIC interface both 
writing to the local mysql database and reporting to Demarc

Response:

This is not possible with the current build due to the limitations of running 
them as Windows services.  There will be an update build that will be 
available on Friday that will allow you to do this though.  Please redownload 
the program on Friday of this week and there will be instructions inside the 
psd.conf (Sensor configuration file) on how to do accomplish this.

------------------------------------------------------------------------------

--------------------------------------------
I talked to demarc a little while back and they said that they are thinking 
about finding a way to be able to have demarc start up snort on 2 interfaces. 
If you want to watch all interfaces, you can start one instance of snort with 
out a -i option (or is it -i any) and snort will bind to all interfaces. 
 
I would send demarc an email and see what they have done.
 
Ian


----- Original Message ----- 
From: <A HREF="mailto:SkatFiend () aol com">SkatFiend () aol com</A> 
To: <A HREF="mailto:snort-users () lists sourceforge net">snort-users () lists sourceforge net</A> 
Sent: Friday, May 17, 2002 3:17 PM
Subject: [Snort-users] running 2 instances of snort under Demarc


OK ok ooookkkk, I know this is the snort user list but a lot of folks here 
use Demarc also and I realy need an answer to this if anyone can help.

OK, running Demarc v1.6 in a Win2K platform. If I have a multi-homed box 
with 2 NIC cards running the Demarc v1.6 server with a local MySql database 
can I run two instances of snort at once so I can sniff each of the 
interfaces at the same time???

I know this may not be advisable, and could end up taking a CPU pounding.

Answers are appreciated. Thanks, Cliff 



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: