Snort mailing list archives
RE: Multiple Snort Instances
From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Fri, 28 Feb 2003 12:30:00 -0600 (CST)
Maybe I'm being brain-dead today (please be nice) but why would someone want to run multiple instances of snort?
I run one production instance in daemon mode and have it logging to a remote DB. In this case, I was on the sensor and needed to look at all the traffic on-the-fly. I noticed that when I started my second instance at the command line, my daemonized instance was not logging anything to the database and my on-the-fly session was only capturing traffic destined for the local machine. The workaround I implemented was to ifconfig the interface in promisc mode then use the -p option to snort to tell it to leave the interface alone. This way, multiple snort instances can see all the traffic. HTH. --------------------------------------------------------------------- Demetri Mouratis dmourati () linfactory com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple Snort Instances Demetri Mouratis (Feb 27)
- Re: Multiple Snort Instances Erek Adams (Feb 27)
- RE: Multiple Snort Instances Mike Koponick (Feb 27)
- RE: Multiple Snort Instances Erek Adams (Feb 27)
- <Possible follow-ups>
- RE: Multiple Snort Instances Eric Joe (Feb 27)
- RE: Multiple Snort Instances McPheeters, Scott (Feb 27)
- RE: Multiple Snort Instances Williams Jon (Feb 28)
- RE: Multiple Snort Instances Demetri Mouratis (Feb 28)