Re: Barnyard2 and multiple sensors

[Mike Lococo <mikelococo () gmail com>]

Russell,

> So if you are splitting traffic on a single interface between two
> snort instances how do we configure barnyard2 so that it does not
> trip over itself with respect to sids.

I don't follow your description here.  When I think of a sid I think of
the number that uniquely identifies a snort rule in a rulefile.  I'm not
sure how barnyard could "trip over" that identifier.  What exactly are
you trying to achieve, how did you configure the behavior with your
previous tools, and what's misbehavior that you're observing now with
barnyard2?

> From the source I think barnyard is supposed to take a filter on
> the commandline and us it to select sid but it still writes the pid
> file as barnyard2_<int>.pid so this will fail ???

I'm not following the failure-mode here, either.  What did you expect to
happen and what did you observe instead?

Cheers,
Mike Lococo

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users