Snort mailing list archives
Multiple snort instance with different rulesets
From: Marc-Andre Hamelin <mhamelin () matrox com>
Date: Sun, 14 Oct 2001 02:13:22 -0400
Hi all,

I have a server running snort with multiple interfaces to monitor multiple
networks.

I tried to run multiple snort instances (one for each interface) with a
different ruleset for each, but it seems that all of them are using the same
ruleset (the one loaded by the first snort process started).

I need to do that because each network is different. Some may have local
rules that others don't need, etc.

Is it normal, I mean, because of the way snort is designed?
Is there another way to achieve my goal?
Any ideas?

Just a last-minute thought as I am writing: would I have to name each
"snort.conf" file with a different name (something like snort.conf.eth0,
snort.conf.eth1, etc.)?

Marc

P.S. In case it could help, here's my startup script:

#!/bin/sh
# One snort process per interface, each with its own config file (-c)
# and its own log directory (-l).
case "$1" in
start)
    /usr/local/bin/snort -c /export/snort/eth0/rules/snort.conf \
        -d -D -e -i eth0 -l /export/snort/eth0/logs/
    /usr/local/bin/snort -c /export/snort/eth1/rules/snort.conf \
        -d -D -e -i eth1 -l /export/snort/eth1/logs/
    /usr/local/bin/snort -c /export/snort/eth2/rules/snort.conf \
        -d -D -e -i eth2 -l /export/snort/eth2/logs/
    /usr/local/bin/snort -c /export/snort/eth3/rules/snort.conf \
        -d -D -e -i eth3 -l /export/snort/eth3/logs/
    ;;
stop)
    /usr/bin/killall snort
    ;;
restart)
    /usr/bin/killall snort
    /usr/local/bin/snort -c /export/snort/eth0/rules/snort.conf \
        -d -D -e -i eth0 -l /export/snort/eth0/logs/
    /usr/local/bin/snort -c /export/snort/eth1/rules/snort.conf \
        -d -D -e -i eth1 -l /export/snort/eth1/logs/
    /usr/local/bin/snort -c /export/snort/eth2/rules/snort.conf \
        -d -D -e -i eth2 -l /export/snort/eth2/logs/
    /usr/local/bin/snort -c /export/snort/eth3/rules/snort.conf \
        -d -D -e -i eth3 -l /export/snort/eth3/logs/
    ;;
*)
    echo "Usage: /etc/init.d/snortd {start|stop|restart}"
    ;;
esac
exit 0
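
One way to check whether the per-interface snort.conf files described above really select different rule files, as an added example that is not part of the original post. The function names are hypothetical, and it assumes only "var NAME value" and "include PATH" directives with relative include paths resolved against the directory of the config file:

```shell
#!/bin/sh
# Added example: compare the rule files that several snort.conf files pull in.
# Assumptions: "var NAME value" and "include PATH" directives, $NAME expansion
# only, no variable name that is a prefix of another, and relative include
# paths resolved against the directory of the config file.

# list_includes CONF: print one normalized absolute path per "include" line.
list_includes() {
    conf=$1
    dir=$(cd "$(dirname "$conf")" && pwd -P)
    awk -v dir="$dir" '
        $1 == "var"     { vars[$2] = $3; next }
        $1 == "include" {
            path = $2
            for (name in vars) gsub("\\$" name, vars[name], path)
            if (path !~ /^\//) path = dir "/" path
            print path
        }' "$conf" |
    while IFS= read -r p; do
        # Collapse ".." and symlinks when the directory exists.
        d=$(cd "$(dirname "$p")" 2>/dev/null && pwd -P) || d=$(dirname "$p")
        printf '%s/%s\n' "$d" "$(basename "$p")"
    done
}

# shared_includes CONF...: rule files included by more than one config.
shared_includes() {
    for c in "$@"; do
        list_includes "$c" | sort -u
    done | sort | uniq -d
}

# same_ruleset CONF_A CONF_B: succeed when both resolve to the same file set.
same_ruleset() {
    [ "$(list_includes "$1" | sort -u)" = "$(list_includes "$2" | sort -u)" ]
}

# Usage with the paths from the startup script above:
#   shared_includes /export/snort/eth*/rules/snort.conf
```

If same_ruleset succeeds for two interfaces, both instances load identical rule files no matter which snort.conf each was started with.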
