Snort mailing list archives
RE: Multiple Win32 occurances?
From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 26 Nov 2003 07:55:46 -0800
This is on a windows box, and you are talking UNIX :-) Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users- admin () lists sourceforge net] On Behalf Of Paul Schmehl Sent: Tuesday, November 25, 2003 7:12 PM To: Rich Adamson; Snort Users Postings Subject: Re: [Snort-users] Multiple Win32 occurances? --On Tuesday, November 25, 2003 20:08:18 -0600 Rich Adamson <radamson () routers com> wrote:Anyone tried to monitor two or more nic's from a single Win32 snort, or, run two Win32 snort images (one on each nic)? Problems / issues?How about two snort instances on one nic? I'm doing that with no problems.Cool... off to play...Well, if you're going to do that, here's a couple of learned lessons: 1) I created a symlink to the "real" snort binary and named it "snort_special". 2) I created "snort_special" conf files, ACID directory, start scripts, etc., etc. 3) I use the -R switch on the special instance so the two instances use separate PIDs. Otherwise you'll have problems with disk usage "growing" uncontrollably, and the only way to correct it is to stop both instances and allow disk usage (according to df) to shrink back to normal size. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple Win32 occurances? Rich Adamson (Nov 25)
- Re: Multiple Win32 occurances? Paul Schmehl (Nov 25)
- RE: Multiple Win32 occurances? Michael Steele (Nov 25)
- RE: Multiple Win32 occurances? Paul Schmehl (Nov 25)
- RE: Multiple Win32 occurances? Michael Steele (Nov 25)
- RE: Multiple Win32 occurances? Paul Schmehl (Nov 25)
- RE: Multiple Win32 occurances? Michael Steele (Nov 25)
- Re: Multiple Win32 occurances? Paul Schmehl (Nov 25)
- Re: Multiple Win32 occurances? Rich Adamson (Nov 25)
- Re: Multiple Win32 occurances? Paul Schmehl (Nov 25)
- RE: Multiple Win32 occurances? Michael Steele (Nov 26)
- <Possible follow-ups>
- RE: Multiple Win32 occurances? Michael Steele (Nov 25)
- RE: Multiple Win32 occurances? Jacob Roberts (Nov 26)
- RE: Multiple Win32 occurances? Michael Steele (Nov 26)
- RE: Multiple Win32 occurances? Schmehl, Paul L (Nov 26)
- RE: Multiple Win32 occurances? Michael Steele (Nov 26)