RE: [Snort-users] Multiple Win32 occurances?
This is a discussion on RE: [Snort-users] Multiple Win32 occurances? within the Snort forums, part of the System Security and Security Related category; This is on a windows box, and you are talking UNIX :-) Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-26-2003
|
|||
|
|||
RE: [Snort-users] Multiple Win32 occurances?
This is on a windows box, and you are talking UNIX :-)
Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels@winsnort.com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org > -----Original Message----- > From: snort-users-admin@lists.sourceforge.net [mailto:snort-users- > admin@lists.sourceforge.net] On Behalf Of Paul Schmehl > Sent: Tuesday, November 25, 2003 7:12 PM > To: Rich Adamson; Snort Users Postings > Subject: Re: [Snort-users] Multiple Win32 occurances? > > --On Tuesday, November 25, 2003 20:08:18 -0600 Rich Adamson > <radamson@routers.com> wrote: > > > > >> > Anyone tried to monitor two or more nic's from a single Win32 snort, > >> > or, run two Win32 snort images (one on each nic)? Problems / issues? > >> > > >> How about two snort instances on one nic? I'm doing that with no > >> problems. > > > > Cool... off to play... > > Well, if you're going to do that, here's a couple of learned lessons: > > 1) I created a symlink to the "real" snort binary and named it > "snort_special". > 2) I created "snort_special" conf files, ACID directory, start scripts, > etc., etc. > 3) I use the -R switch on the special instance so the two instances use > separate PIDs. Otherwise you'll have problems with disk usage "growing" > uncontrollably, and the only way to correct it is to stop both instances > and allow disk usage (according to df) to shrink back to normal size. > > Paul Schmehl (pauls@utdallas.edu) > Adjunct Information Security Officer > The University of Texas at Dallas > AVIEN Founding Member > http://www.utdallas.edu > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
