Re: Multiple instances of snort on a bonded interface

[Miles Stevenson <miles () mstevenson org>]

On Thursday 10 June 2004 05:51 pm, Corey Rock wrote:

> Now, what you seem to really be asking is how to get snort to dump a binary
> pcap file.  You can tell snort (in snort.conf) to log to mysql and to a
> binary pcap file, without having to run another instance of snort

Thanks for the advice. I aplogize for not detailing my question enough. I was 
actually hoping to run 2 different instances of snort. Each with different 
signature configurations. I have separate snort.conf files setup for each 
instance. Still can't get the 2nd one to capture traffic. Maybe I'll have a 
chance to play with Snot and try to generate specific alerts on the other 
instance. But this is on a production LAN, so I may not get the chance. =(

But you are right in the end. If I can't get this to work, I'm just going to 
have to bite the bullet and have one instance log in both formats.

-- 
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users