[Snort-users] Pcap filename from --pcap-dir?

Andre DiMino adimino at ...16035...
Sat Jan 5 09:23:10 EST 2013


I often run snort against a directory of dumped pcaps from sandbox
output using the --pcap-dir option. I output the entire run in csv
format.
Ideally, I'd like to include the name of the pcap or other identifying
information in the csv output.

I know I could script something to read one file at a time and output
it that way, but I'm looking to make better use of the --pcap-dir
option in an automated bulk process.
Has anyone done something similar who can shed some ideas?

Thanks!
Andre'

-- 

Andre' M. DiMino
DeepEnd Research
http://deependresearch.org
http://sempersecurus.org

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)



