Is there a way to log certain signatures/alerts to a specific log file or database using one instance of snort or one config?
Example:
I want to log all SPYWARE-DNS DNS lookups (part of the blackhole dns project) to a file and exclude them from being logged to my main alert database.
These rules are located @ http://www.bleedingsnort.com/blackho...ware-dns.rules
I'm currently running an instance of snort with three rulesets:
The official set http://www.snort.org/
The community set http://www.snort.org/
Bleeding Snort set http://www.bleedingsnort.com/
In addition, I just want the blackhole dns to see if/when any boxes look up spyware domains.
I have this running, but I'd like it in either a separate database or log.
I'm thinking that I should just create a new config and run a separate instance of snort?
Will that cause problems running two instances of snort on one interface?
Or, should I install yet another NIC just for that config?