Home page logo

snort logo Snort mailing list archives

Re: Barnyard2 and multiple sensors
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Fri, 29 Oct 2010 16:39:55 +1300

On 21/10/2010, at 5:18 PM, Joel Esler wrote:

Run two instances of Barnyard as well.

OK, reworked all my scripts to handle multiple instances of barnyard but I have just realised that I can't find anyway 
of telling barnyard2 which sid to use.  Nor does it allow a filter option as barnyard (acid output plugin) did.

So if you are splitting traffic on a single interface between two snort instances how do we configure barnyard2 so that 
it does not trip over itself with respect to sids.

I have poked though the source and played with putting the filters on the command line but am really none the wiser -- 
anything I put on the commandline seems to be ignored completly.

From the source I think barnyard is supposed to take a filter on the commandline and us it to select sid but it still 
writes the pid file as barnyard2_<int>.pid so this will fail ???

Russell (the confused! -- so what is new:)


On Oct 20, 2010, at 11:40 PM, Russell Fulton wrote:

Hi Folks

I am at the point where I need to have more than one snort instance running on a given sensor so we can take 
advantage of multiple CPUs and thus I will be producing multiple unified2 files on a sensor.  Logically there is 
still just one sensor -- can barnyard2 merge input from more than one input file?  I've googled and rtfm'ed and 
could not find anything that suggested that this is possible.  I hope I missed something :)

Joel Esler

Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]