[Snort-users] "Saving State" in Snort
cmg at ...1935...
Tue Apr 1 06:06:26 EST 2003
"Michael L. Artz" <dragon at ...8731...> writes:
> I am fairly new to Snort, so feel free to abuse away ...
[ snip ]
> Is there an intelligent way to do this? I think that having Snort
> (optionally) dump its current state and then be able to read it in and
> start where it left off would be pretty cool, and solve my situation
> Any help would be appreciated.
Finally a use for reading in off stdin
(for i in *.cap.gz| do gzip -dc $i; done) | snort -r - <args>
Chris Green <cmg at ...1935...>
Warning: time of day goes back, taking countermeasures.
More information about the Snort-users