Re: [Snort-users] Multiple instances of snort on a bonded interface

On Thursday 10 June 2004 05:51 pm, Corey Rock wrote:

> Now, what you seem to really be asking is how to get snort to dump a binary
> pcap file. You can tell snort (in snort.conf) to log to mysql and to a
> binary pcap file, without having to run another instance of snort

Thanks for the advice. I aplogize for not detailing my question enough. I was
actually hoping to run 2 different instances of snort. Each with different
signature configurations. I have separate snort.conf files setup for each
instance. Still can't get the 2nd one to capture traffic. Maybe I'll have a
chance to play with Snot and try to generate specific alerts on the other
instance. But this is on a production LAN, so I may not get the chance. =(

But you are right in the end. If I can't get this to work, I'm just going to
have to bite the bullet and have one instance log in both formats.

--
Miles Stevenson
miles@mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users