Snort mailing list archives

Multiple snorts same monitoring point


From: bacolod85 <bacolod85 () yahoo com>
Date: Mon, 5 May 2003 20:30:06 -0700 (PDT)

Requirement: Supply access to several (say 3)
_isolated_ sets of snort output (same monitoring
point) to be used to compare the ability of different
"solutions" to analyze the output.  Output supplied to
all must be identical.

SMP systems with 4 NICs available.  For grins I tried
running VMWare and 3 virtual Linux systems all
listening to the same physical NIC.  Oddly enough,
they all "see" things a little differently.  Linux
ethernet packet counters ('ifconfig') list different
packet counts so I believe it's NOT a snort problem
(likely VMWare or NIC drivers).

Does anyone know of a cleaner way to accomplish this?

Maybe sending snort to syslog then remote syslogging
to 3 other systems?

-ews
