Hi all, I'm currently running snort 2.9.5.3 inline on my network using pf_ring 5.6.1 along with the igb DNA drivers and the pfring_dna DAQ. I'm starting each instance of snort with something along the lines of "/usr/local/bin/snort --daq-dir /usr/local/lib/daq --daq pfring_dna -i dna0:dna1..."
This has been working great, so no complaints there. I was hoping to be able to introduce other applications that would need to see the traffic, such as OpenFPC for full packet captures. I've read that libzero can be used for allowing multiple apps to access the traffic. Most of the research I've done on the Internet shows examples of it being used with a passive snort installation. My question is: can libzero be used with snort instances that are running in inline mode? If not, any takes on how I should handle this? Just wanted to get a feel for how others are handling this type of situation and any pointers you might have. Thanks.
_______________________________________________
Ntop-misc mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
