[Snort-users] Snort read a incremental file

Felix Erlacher felix.erlacher at ...17726...
Mon Jan 30 10:54:37 EST 2017


Hi Paul,

I would naively assume that Snort reads them one after another in the
same order it would read normal files.

greets

felix

On 30/01/17 16:42, Paul Li wrote:
> Thanks Felix. That works well for my issue. Much appreciated.
> 
> A follow up question: if I have multiple pipes like this one, would
> there be any order in which snort reads them?
> 
> Thanks,
> Paul
> 
> On Saturday, January 28, 2017, Felix Erlacher <felix.erlacher at ...17726...> wrote:
> 
>     Hi Paul,
> 
>     On a decent OS you can write pcap data to a named pipe and make snort
>     read from that named pipe. That might be a solution in your case.
> 
>     Example on Debian:
>     #mkfifo mypipe
>     then make your program write data to that file, and with snort simply
>     #snort -c snort.conf -r ./mypipe
> 
>     greets
> 
>     felix
> 
>     On 28/01/17 14:52, Paul Li wrote:
>     > I've got a pcap file that keeps adding new network data. I know
>     > Snort can read a file, but is there a way Snort can read the
>     > continuously added data to the file?
>     >
>     > Thanks,
>     > Paul
> 
>     --
>     Felix Erlacher
>     ccs-labs.org/~erlacher <http://ccs-labs.org/~erlacher>
> 
>     Key-ID:4EAC0959
> 
> 
> 

-- 
Felix Erlacher
ccs-labs.org/~erlacher

Key-ID:4EAC0959
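
The named-pipe approach from this thread as an added Python example (not part of the original messages and not Snort's own code): a constructed writer feeds a classic little-endian pcap stream into a FIFO and a stand-in reader parses it, showing that packets are delivered as they are written and that the reader only sees end-of-file once the writer closes the pipe. The name `mypipe` follows the thread; the payloads, the 0600 mode and all helper names are assumptions.

```python
import os, struct, tempfile, threading

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def global_header(linktype=1, snaplen=65535):
    # Sent once at the start of the stream: magic, version 2.4, tz, sigfigs, snaplen, linktype
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def record(ts_sec, payload):
    # Per-packet header: ts_sec, ts_usec, captured length, original length
    return struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)) + payload

def read_pcap_stream(path, on_packet):
    """Stand-in for the reading side (not Snort's code): parse records until EOF."""
    with open(path, "rb") as f:            # blocks until a writer opens the FIFO
        hdr = f.read(24)
        if len(hdr) < 24 or struct.unpack("<I", hdr[:4])[0] != PCAP_MAGIC:
            raise ValueError("not a little-endian pcap stream")
        while True:
            rec = f.read(16)               # waits here while the writer is idle
            if len(rec) < 16:              # EOF: the last writer closed the pipe
                return
            caplen = struct.unpack("<IIII", rec)[2]
            data = f.read(caplen)
            if len(data) < caplen:         # writer closed mid-record
                return
            on_packet(data)

def demo():
    seen, got_first = [], threading.Event()
    def on_packet(payload):
        seen.append(payload)
        got_first.set()
    with tempfile.TemporaryDirectory() as d:
        fifo = os.path.join(d, "mypipe")
        os.mkfifo(fifo, 0o600)             # owner-only: no other local user can feed the reader
        reader = threading.Thread(target=read_pcap_stream, args=(fifo, on_packet))
        reader.start()
        with open(fifo, "wb", buffering=0) as w:   # keep this end open between bursts
            w.write(global_header())
            w.write(record(1, b"first packet (constructed)"))
            incremental = got_first.wait(5)        # packet 1 parsed before packet 2 exists
            w.write(record(2, b"second packet (constructed)"))
        reader.join(5)
    return seen, incremental

if __name__ == "__main__":
    print(demo())
```

In the thread's setup the reading side is `snort -c snort.conf -r ./mypipe`, and the writing side is whatever program produces the capture data.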
