[Snort-users] Pcap filename from --pcap-dir?

Andre DiMino adimino at ...16035...
Sat Jan 5 09:23:10 EST 2013

I often run snort against a directory of dumped pcaps from sandbox
output using the --pcap-dir option. I output the entire run in csv.
Ideally, I'd like to include the name of the pcap or other identifying
information in the csv output.

I know I could script something to read one file at a time and output
it that way, but I'm looking to make better use of the --pcap-dir
option in an automated bulk process.
Has anyone done something similar who can shed some ideas?



Andre' M. DiMino
DeepEnd Research

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
