Re: Barnyard2 issue w/unified2 ?

[beenph <beenph () gmail com>]

On Thu, Aug 15, 2013 at 1:50 PM, John Ives <jives () security berkeley edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 8/15/2013 9:17 AM, beenph wrote:
> > On Thu, Aug 15, 2013 at 11:52 AM, John Ives
> > <jives () security berkeley edu> wrote:
> > > My understanding from my own research is that for each instance
> > > of snort on a system there needs to be an instance of barnyard2
> > > each with its own configuration file.
> >
> > Each instance Need its own configuration file that will
> > differentiate each instance especialy if you log to a database.
> >
> > If you log to syslog for example you can use only one configuration
> > and spawn each by2 process with a script loop.
>
> Trying to output it to a postgres db. I did a quick look in the
> configuration, but I didn't see what option is used to differentiate
> the instances, so I suspect this is the root of my issue.

Hostname and interface

-elz

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!