Multiple instances of snort on a bonded interface

[Miles Stevenson <miles () mstevenson org>]

Hello list. Haven't been able to find any help on this, maybe you someone here 
can help me.

I have a bond0 interface that I have been using for quite a while and works 
fine. An instance of snort is running and dumping everything into a MySQL DB. 
I'm trying to set up a 2nd snort process to run on the same bond0 interface 
with a slightly different config, so I can dump it to a binary tcpdump file. 

I know that there shouldn't be any problems running 2 sniffers on the same 
real interface (i.e. eth0, fxp0, etc) but has anyone tried this on a Linux 
bonded interface? The first snort processes is still seeing traffic and 
dumping to MySQL, but the second one isn't seeing anything. Maybe this is a 
Linux specific issue? 

I'm running an up to date 2.4 kernel on a RedHat box....

TIA 
-- 
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63


-------------------------------------------------------
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users