[Snort-users] "Saving State" in Snort

Chris Green cmg at ...1935...
Tue Apr 1 06:06:26 EST 2003

"Michael L. Artz" <dragon at ...8731...> writes:

> I am fairly new to Snort, so feel free to abuse away ...
[ snip ]

> Is there an intelligent way to do this?  I think that having Snort
> (optionally) dump its current state and then be able to read it in and
> start where it left off would be pretty cool, and solve my situation
> nicely.
> Any help would be appreciated.
> Thanks
> -Mike

Finally a use for reading in off stdin

(for i in *.cap.gz| do gzip -dc $i; done) | snort -r -  <args>

Chris Green <cmg at ...1935...>
Warning: time of day goes back, taking countermeasures.

More information about the Snort-users mailing list