|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] "Saving State" in Snort
From: Chris Green (cmg
sourcefire.com)
Date: Tue Apr 01 2003 - 08:05:38 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Michael L. Artz" <dragonoctober29.net> writes:
> I am fairly new to Snort, so feel free to abuse away ...
>
[ snip ]
> Is there an intelligent way to do this? I think that having Snort
> (optionally) dump its current state and then be able to read it in and
> start where it left off would be pretty cool, and solve my situation
> nicely.
>
> Any help would be appreciated.
>
> Thanks
> -Mike
>
Finally a use for reading in off stdin
(for i in *.cap.gz| do gzip -dc $i; done) | snort -r - <args>
--
Chris Green <cmgsourcefire.com>
Warning: time of day goes back, taking countermeasures.
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]