[Snort-users] Fwd: Re: Snort read a incremental file

Felix Erlacher felix.erlacher at ...17726...
Sat Jan 28 10:14:04 EST 2017


Hi Paul,

On a decent OS you can write pcap data to a named pipe and make snort
read form that named pipe. That might be a solution in your case.

Example on Debian:
#mkfifo mypipe
than make your program write data to that file, and with snort simply
#snort -c snort.conf -r ./mypipe

greets

felix

On 28/01/17 14:52, Paul Li wrote:
> I've got a pcap file that keep adding new network data. I know Snort can
> read a file, but is there a way Snort can read the continuously added
> data to the file?
> 
> Thanks,
> Paul
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 

-- 
Felix Erlacher
ccs-labs.org/~erlacher

Key-ID:4EAC0959



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170128/5d70ee5f/attachment.sig>


More information about the Snort-users mailing list