Home page logo
/

snort logo Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?
From: John Ives <jives () security berkeley edu>
Date: Thu, 15 Aug 2013 15:37:15 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/15/2013 1:59 PM, waldo kitty wrote:
On 8/15/2013 13:50, John Ives wrote:
Trying to output it to a postgres db. I did a quick look in the 
configuration, but I didn't see what option is used to
differentiate the instances, so I suspect this is the root of my
issue.

one major thing to note in the cases of running multiple instances
of a program is the PID file they use... you definitely do not want
more than one instance using the same PID file...

how to indicate to the instance what its ID is in addition to its
normal "ID" is something else altogether... some apps have
provisions for this while others do not...

for example, in our environment, snort sniffing the ppp0 interface
has a PID file name of snort_ppp0.pid... on the eth0 interface, it
is snort_eth0.pid... same for the other interfaces...


Well the pid is not the issue as each instance of barnyard has a
different pid file numbered sequentially in the launching script.

It might also be noteworthy to mention that the issue is more obvious
when I stress test the system by saturating the link. If I reduce the
amount of traffic, it will generally take longer for it to reoccur.
Unfortunately, the configuration I am running now is not saturated
because I have another project that is taking up my time so I haven't
gone back yet to add more traffic to the link.

John



- -- 
- -------------------------------------------------------------------------
John Ives
System & Network Security                           Phone (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSDVgbAAoJEJkidK6qbywsfkwH/2CL94tNG48wBh9xFvBFqQ+E
cscS7+1ao59gvAHaXaGT8IUqJ9tvCchSjW4AUIqacm5XeCp98E1e7SZjtLSJGn7h
fIDHSHC4liFQF4TL9zGjz+BhKOiTa2YBHKgpzz1N1S6jwZTDtlbMf1rV++8VnsJu
HJPuhQ+1Mu2u0+f0sFaPrvVJpiFHkmc1GfZ3L1EZ7La/dSd2uuJlh/YTBSTyvb2X
Pv/QtQv61rGkcQSbGNiSPETgFl+QAHa0rRjYYvq2SYMQSeajmOQw5r+eHiJJrNlj
z7bL0hufvHNxgS0syZIFjQ4+GSbFH2CK3ug7owM1wFRdmbgCKt2ZS5eJbQght1c=
=3kyV
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault