Re: Multiple DBs, and multithreading

[wkitty42 () windstream net]

On 05/02/2017 06:25 AM, Abdullah AL-Mutairy wrote:
> Hello everyone!
>
> Does snort support using multiple databases? Let's say i have my own database
> that i would like snort to check it first before its default database.

snort doesn't do databases directly since a very long time... the task of 
placing alerts into a database is relegated to some other tool like barnyard2 or 
similar... writing alerts to more than one database is up to your tool's 
configuration... reading those alerts from more than one database is up to your 
analysis tools...

> Does snort 2.9 have multithreading feature? If not, i could simulate that by
> running two processes at same time, but it might not work if answer of
> question 1 is no.

you can have more than one snort running at a time... you can also have more 
than one barnyard2 running at a time... each will have their own configurations 
so it is conceivable that you can have one snort's alerts being written to one 
database while the other snort's alerts are written to another database...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!