Re: Multiple Win32 occurances?

[Paul Schmehl <pauls () utdallas edu>]

--On Tuesday, November 25, 2003 20:08:18 -0600 Rich Adamson 
<radamson () routers com> wrote:

> > > Anyone tried to monitor two or more nic's from a single Win32 snort,
> > > or, run two Win32 snort images (one on each nic)? Problems / issues?
> > >
> > How about two snort instances on one nic?  I'm doing that with no
> > problems.
>
> Cool... off to play...

Well, if you're going to do that, here's a couple of learned lessons:

1) I created a symlink to the "real" snort binary and named it 
"snort_special".
2) I created "snort_special" conf files, ACID directory, start scripts, 
etc., etc.
3) I use the -R switch on the special instance so the two instances use 
separate PIDs.  Otherwise you'll have problems with disk usage "growing" 
uncontrollably, and the only way to correct it is to stop both instances 
and allow disk usage (according to df) to shrink back to normal size.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users