[Snort-users] -r'ing multiple logs.

Scott A. McIntyre scott at ...1050...
Tue Jan 30 08:55:55 EST 2001


Hi,

Given the frequency with which I'm having to fine-tune my rules, add new
ones, etc., I'm generating dozens and dozens of snort logs (binary)...

It would be very handy if -r could take regular expressions, or even
multiple arguments for replaying.

Trying now merely does:

snort -r snort* -vdC port 98

        --== Initializing Snort ==--
TCPDUMP file reading mode.
Reading network traffic from "snort-0108 at ...1234..." file.
snaplen = 1514
ERROR: OpenPcap() FSM compilation failed: 
        parse error
PCAP command: snort-0108 at ...1235... snort-0109 at ...1236...
snort-0109 at ...1237... snort-0109 at ...1238... snort-0112 at ...1239...
snort-0112 at ...1240... snort-0112 at ...1241... snort-0112 at ...1242...
snort-0112 at ...1243... snort-0112 at ...1244... snort-0112 at ...1245...
snort-0130 at ...1236... port 98

and so on.

Scott
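
The "PCAP command:" line in the output above shows what happened: the shell expanded snort* before snort ran, -r took only the first file name, and the remaining names were handed to the BPF filter compiler, which could not parse them. An added example (not part of the original post) that replays each capture in its own snort run; SNORT_BIN and replay_all are hypothetical names, while the flags and the filter are the ones from the post:

```shell
#!/bin/sh
# Added example: one snort run per capture, because -r accepts a single file.
# SNORT_BIN and replay_all are hypothetical names; flags are those in the post.
SNORT_BIN="${SNORT_BIN:-snort}"

# replay_all FILTER FILE...
# Sets REPLAY_OK / REPLAY_FAIL and returns non-zero if any file failed.
replay_all() {
    filter=$1
    shift
    REPLAY_OK=0
    REPLAY_FAIL=0
    for f in "$@"; do
        # An unmatched glob arrives as the literal pattern, so check the
        # path before handing it to snort.
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "skip: $f (not a readable file)" >&2
            REPLAY_FAIL=$((REPLAY_FAIL + 1))
            continue
        fi
        echo "=== $f ===" >&2
        # The file name is quoted so it stays the single argument of -r;
        # only the BPF expression follows the options.
        if "$SNORT_BIN" -r "$f" -vdC ${filter:+"$filter"}; then
            REPLAY_OK=$((REPLAY_OK + 1))
        else
            echo "fail: $f (snort exit status $?)" >&2
            REPLAY_FAIL=$((REPLAY_FAIL + 1))
        fi
    done
    echo "replayed=$REPLAY_OK failed=$REPLAY_FAIL" >&2
    [ "$REPLAY_FAIL" -eq 0 ]
}

# Usage, with the glob and filter from the post:
#   replay_all "port 98" snort*
```

A failed or unreadable capture does not stop the loop, so one truncated log does not hide the results from the rest.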