Snort mailing list archives

Re: Snort handling multiple Pcap files

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 6 Jan 2017 18:56:32 +0000

Run snort -h

   --pcap-single <tf>              Same as -r.
   --pcap-file <file>              file that contains a list of pcaps to read - read mode is implied.
   --pcap-list "<list>"            a space separated list of pcaps to read - read mode is implied.
   --pcap-dir <dir>                a directory to recurse to look for pcaps - read mode is implied.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>

From: "Asad, Hafiz ul" <Hafiz-ul.Asad () city ac uk<mailto:Hafiz-ul.Asad () city ac uk>>
Date: Friday, January 6, 2017 at 12:53 PM
To: 'snort-users' <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>>
Subject: [Snort-users] Snort handling multiple Pcap files

Snort Users,

Is it possible that snort could analyse multiple ‘pcap’ files. To be more specific, is it possible to have ,

Snort  -r file1.pcap file2.pcap….filen.pcap

Regards
Asad

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort handling multiple Pcap files Asad, Hafiz ul (Jan 06)
- <Possible follow-ups>
- Re: Snort handling multiple Pcap files Al Lewis (allewi) (Jan 06)
  - Re: Snort handling multiple Pcap files Asad, Hafiz ul (Jan 12)