Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?


From: John Ives <jives () security berkeley edu>
Date: Thu, 15 Aug 2013 15:37:15 -0700

On 8/15/2013 1:59 PM, waldo kitty wrote:
> On 8/15/2013 13:50, John Ives wrote:
>> Trying to output it to a postgres db. I did a quick look in the
>> configuration, but I didn't see what option is used to
>> differentiate the instances, so I suspect this is the root of my
>> issue.
>
> one major thing to note in the cases of running multiple instances
> of a program is the PID file they use... you definitely do not want
> more than one instance using the same PID file...
>
> how to indicate to the instance what its ID is in addition to its
> normal "ID" is something else altogether... some apps have
> provisions for this while others do not...
>
> for example, in our environment, snort sniffing the ppp0 interface
> has a PID file name of snort_ppp0.pid... on the eth0 interface, it
> is snort_eth0.pid... same for the other interfaces...


Well the pid is not the issue as each instance of barnyard has a
different pid file numbered sequentially in the launching script.

It might also be noteworthy to mention that the issue is more obvious
when I stress test the system by saturating the link. If I reduce the
amount of traffic, it will generally take longer for it to reoccur.
Unfortunately, the configuration I am running now is not saturated
because I have another project that is taking up my time so I haven't
gone back yet to add more traffic to the link.

John



-- 
-------------------------------------------------------------------------
John Ives
System & Network Security                           Phone (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------