Snort mailing list archives

Re: Can Snort notify a user program when it finishes processing a packet?


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 25 Oct 2016 14:03:07 +0000

I think this thread probably belongs on the Snort-devel list, rather than the user list.

May want to move it over there, since the developers of Snort watch that mailing list.

--
Joel Esler | Talos: Manager | jesler () cisco com





On Oct 25, 2016, at 5:32 AM, Chang Liu <gaustin909 () gmail com> wrote:

Dear all,

I thought I stated my question clearly. Let me try again.

I have a program that will send one packet to Snort at a time. The logic is simple. It waits for Snort to finish 
processing the packet and get back the decision Snort made on this packet (whether it triggers an alert).

My question is how can my program know that Snort has finished processing the packet it just sent?

I have tried two methods:
a) start a Snort instance every time it sends a packet. However, the overhead of loading Snort is too long.
b) Let Snort sniff on an interface and send packets to this interface. But how do we know if Snort has finished 
processing the single packet it just received?

Any suggestion is appreciated. Thanks.

Chang

On Tue, Oct 25, 2016 at 2:19 AM, <wkitty42 () windstream net> wrote:
On 10/25/2016 01:54 AM, Chang Liu wrote:
Any suggestion to solve this problem? Is it possible to get notification from
Snort every time it finishes processing a packet?

the simple answers?? no and no... not the way you are trying... your second given
option of monitoring the alert file is about the only thing you have...

what, exactly, are you trying to do with your program??

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET<http://asp.net/> CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
