Re: Multiple Sensors

["Salil D." <salildumbre () rediffmail com>]

Hello Folks,

I was able to configure snort for multiple sensors on same database

just ran snort for each sensor
"snort -c ... -i eth0 "
"snort -c ... -i eth1 "   ... and things worked out fine



happy weekend to all



Best Regards,

Salil.

  


On Fri, 25 Mar 2005 Salil D. wrote :
> Hello Michael,
>
> I still am not able to configure additional sensors.
>
> Following line is from my snort.conf file,
>
> "   output database: log, mysql, encoding=ascii user=XXXXXXX password=XXXXXX dbname=snort host=XXX.XXX.XXX.XXX    "
>
> I have total 3 interface cards on the machine where snort is installed
> (all cards on same machine)
>
> snort has detected one ip address out of the 3 , and set that as default sensor name.
>
> In order to configure additional sensor, I have explicitly inserted a record in the sensor table with relevant field 
> entries for other ip address.
>
> Logged data carries information only about the default sensor.
> I dont find any data sensed at the other sensor inserted later.
>
> am I headed in the right way?
>
> Kindly let me know of possible solution.
>
> Thanks,
>
> Salil.