Snort mailing list archives
multiple files off of stdin?
From: "Michael L. Artz" <dragon () october29 net>
Date: Sat, 19 Apr 2003 10:54:24 -0400
Don't know if the last message got through, sorry if this is a dup ...Anyway, is there a way to have snort process multiple files off of stdin? I.e.
cat file1.pcap file2.pcap | snort -r - <other args>fails just before processing file2 with the error: "pcap_loop: truncated dump file", which I assume has to do with the little header that libpcap formatted files have at the beginning. I can mergecap the files and run them through fine, it is only when I try and run multiple pcap files through, in a fashion such as:
(for i in *.cap.gz| do gzip -dc $i; done) | snort -r - <args>which I can't easily mergecap because of space issues. Plus, I have the files spread across multiple DVDs and would like to have a little script that creates a snort pipe and then pumps pcap files to it, which could be written so that snort (and all session and reassembly information) survives a change of dvd.
Thanks -Mike ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- multiple files off of stdin? Michael L. Artz (Apr 19)
- Re: multiple files off of stdin? Phil Wood (Apr 19)
- Re: multiple files off of stdin? Michael L. Artz (Apr 19)
- Re: multiple files off of stdin? Chris Green (Apr 23)
- Re: multiple files off of stdin? Phil Wood (Apr 19)