Snort mailing list archives

Re: More Snort Stuff


From: "Keith W. McCammon" <mccammon () gmail com>
Date: Mon, 26 Jul 2004 09:27:22 -0400

Running multiple instances is probably your best bet (partly because I
think it's your only choice).  And even if it wasn't your only
choice...

Remember that each interface is assumed to be watching either 1) a
unique network or 2) the same network as another interface, but
performing in a different capacity.  Starting multiple instances from
one config would be pretty complicated, considering that most of your
variables will vary (heh) and that your rules will likely be slightly
different (or entirely different, in some cases).

----- Original Message -----
From: Bill Parker <dogbert () netnevada net>
Date: Sun, 25 Jul 2004 19:33:23 -0700
Subject: [Snort-users] More Snort Stuff
To: snort-users () lists sourceforge net

 
Hi again, 
  
I added the suppress lines for the traffic in question, and it's been banished.  I also went and purchased the Snort 2.1 Book (2nd Ed.) and have read chapters 1 and 2 so far.  I was wondering, I can get a 2nd occurrence of snort to run if I start up another process at the command line, but does anyone have a modification for the snort script in /etc/init.d if you want to start multiple occurrences (i.e. - a sensor on eth1, eth2, etc)?
  
I'm starting to find out more about the pig, and this list (and the
book) are pretty useful for IDS info.
  
Bill
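
A sketch of the per-interface start logic this thread asks about, as an added example that is not part of the original messages or of any distribution's init script: one Snort process per interface, each with its own config and log directory. The directory layout, variable names and the `DRY_RUN` switch are assumptions; `-D`, `-i`, `-c` and `-l` are standard Snort options.

```shell
#!/bin/sh
# Added example: one Snort process per sensor interface.
# Assumed (hypothetical) layout: $CONF_ROOT/<iface>/snort.conf, $LOG_ROOT/<iface>/
SNORT_BIN="${SNORT_BIN:-/usr/sbin/snort}"
CONF_ROOT="${CONF_ROOT:-/etc/snort}"
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"
INTERFACES="${INTERFACES:-eth1 eth2}"

# Accept only plain interface names, so a bad entry in INTERFACES can never
# inject extra options or walk out of the config tree.
valid_iface() {
    case "$1" in
        ''|.|..|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command line for one sensor: daemon mode (-D), its own interface
# (-i), its own config (-c) and its own log directory (-l).
sensor_cmd() {
    valid_iface "$1" || return 1
    printf '%s -D -i %s -c %s/%s/snort.conf -l %s/%s\n' \
        "$SNORT_BIN" "$1" "$CONF_ROOT" "$1" "$LOG_ROOT" "$1"
}

# Start every configured sensor; skip (and report) any interface with a bad
# name or no readable config. Returns non-zero if anything was skipped or failed.
start_all() {
    rc=0
    for iface in $INTERFACES; do
        cmd=$(sensor_cmd "$iface") || { echo "skip '$iface': bad name" >&2; rc=1; continue; }
        if [ ! -r "$CONF_ROOT/$iface/snort.conf" ]; then
            echo "skip $iface: no readable snort.conf" >&2; rc=1; continue
        fi
        mkdir -p "$LOG_ROOT/$iface" || { rc=1; continue; }
        # DRY_RUN=1 prints the command instead of running it. Splitting $cmd
        # is safe here: the name is validated and the roots hold no spaces.
        if [ -n "${DRY_RUN:-}" ]; then echo "$cmd"; else $cmd || rc=1; fi
    done
    return "$rc"
}

case "${1:-}" in
    start) start_all ;;
    '')    : ;;   # sourced or run with no argument: define functions only
    *)     echo "usage: $0 start" >&2 ;;
esac
```

Keeping a separate `snort.conf` per interface matches the point made in the reply: variables and rules usually differ per monitored network, so each sensor gets its own file rather than sharing one.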

