Snort mailing list archives
Re: multiple interface server, snort & barnyard
From: Y M <snort () outlook com>
Date: Mon, 1 Jul 2013 15:00:16 +0000
If you will be running multiple snort processes, then you will need to run the same number of barnyard2 processes, one for each snort process. In each barnyard2 conf. file, make sure to add the sensor name in your database connection, such that: barnyard1.conf --> sensor_name=sensor1 barnyard2.conf --> sensor_name=sensor2 barnyard3.conf --> sensor_name=sensor3 Also, make sure that your snort output directories are separate, such that: for snort1 --> /var/log/snort/snort1 for snort2 --> /var/log/snort/snort2 for snort3 --> /var/log/snort/snort3 If you will be using multiple snort conf files, then refere to the documentation: http://manual.snort.org/node25.html Hope this give a good start. Thanks. YM Date: Fri, 28 Jun 2013 11:07:18 -0400 From: dwmetz () gmail com To: snort-users () lists sourceforge net Subject: [Snort-users] multiple interface server, snort & barnyard looking for documentation on how to use multiple interfaces for traffic capture (receiving from different network segments) and use barnyard2 for output to snort DB. i've got it working fine for a single interface but am getting hung up in trying to figure how to get multiples operating at the same time. ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- multiple interface server, snort & barnyard Doug Metz (Jul 01)
- Re: multiple interface server, snort & barnyard waldo kitty (Jul 01)
- Re: multiple interface server, snort & barnyard Y M (Jul 01)