Is there a way to log certain signatures/alerts to a specific log file or database using one instance of snort or one config?


I want to log all SPYWARE-DNS DNS lookup (part of the blackhole dns project) to a file and exclude them from being logged to my main alert database.

These rules are located @

I'm currently running instance of snort with three rulesets.

The official set
The community set
Bleeding Snort set

In addition, I just want the blackhole dns just to see if/when any boxes look up spyware domains.

I have this running, but I'd like it in either a separate database or log.

I'm thinking that I should just create a new config and run a separate instance of snort?
Will that cause problems running two instances of snort on one interface?
Or, should I install yet another NIC just for that config?