Snort mailing list archives
Re: Barnyard2 issue w/unified2 ?
From: John Ives <jives () security berkeley edu>
Date: Thu, 15 Aug 2013 15:37:15 -0700
On 8/15/2013 1:59 PM, waldo kitty wrote:
> On 8/15/2013 13:50, John Ives wrote:
>> Trying to output it to a postgres db. I did a quick look in the configuration, but I didn't see what option is used to differentiate the instances, so I suspect this is the root of my issue.
>
> one major thing to note in the cases of running multiple instances of a program is the PID file they use... you definitely do not want more than one instance using the same PID file... how to indicate to the instance what its ID is in addition to its normal "ID" is something else altogether... some apps have provisions for this while others do not... for example, in our environment, snort sniffing the ppp0 interface has a PID file name of snort_ppp0.pid... on the eth0 interface, it is snort_eth0.pid... same for the other interfaces...

Well the pid is not the issue as each instance of barnyard has a different pid file numbered sequentially in the launching script.

It might also be noteworthy to mention that the issue is more obvious when I stress test the system by saturating the link. If I reduce the amount of traffic, it will generally take longer for it to reoccur. Unfortunately, the configuration I am running now is not saturated because I have another project that is taking up my time so I haven't gone back yet to add more traffic to the link.

John

--
John Ives
System & Network Security
Phone (510) 229-8676
University of California, Berkeley