Re: multiple interface server, snort & barnyard

[waldo kitty <wkitty42 () windstream net>]

On 6/28/2013 11:07, Doug Metz wrote:
> looking for documentation on how to use multiple interfaces for traffic capture
> (receiving from different network segments) and use barnyard2 for output to
> snort DB.
>
> i've got it working fine for a single interface but am getting hung up in trying
> to figure how to get multiples operating at the same time.

you don't give much to go one... like what you've done that's failing and/or 
what error messages you are getting from where...

with that said i'll give it a quick shot... IIRC, you use one snort per 
interface... then when setting up with barnyard, each of those snorts is given a 
unique ID so they can all talk to the one barnyard... from there, the one 
barnyard puts the data into the database using the unique ID of each snort so 
you can see which snort made that alert...

i can't get any more detailed than that at this time... i'm sure that someone 
else will pop in with a few more details that may help...

-- 
NOTE: *No off-list assistance is given without prior approval.*
       /Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted./

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!