Snort mailing list archives
Re: Run an external program
From: Bennett Todd <bet () rahul net>
Date: Wed, 5 Mar 2003 10:25:45 -0500
2003-03-05T09:39:50 Erek Adams:
I'd honestly suggest moving to a *NIX platform and alerting to a socket.
That would worry me; wouldn't snort block on writes when the reader is off executing some program? Rather than using IPC to let swatch feed the program-executer directly, go by way of a logfile; if the program-executer doesn't always keep up (if it falls behind when it's running the external program) that's fine, the logfile provides intrinsic buffering. -Bennett
Attachment:
_bin
Description:
Current thread:
- Run an external program Gregory . Kane (Mar 05)
- Re: Run an external program Erek Adams (Mar 05)
- Re: Run an external program Bennett Todd (Mar 05)
- Re: Run an external program Jack Whitsitt (jofny) (Mar 05)
- Re: Run an external program Bennett Todd (Mar 05)
- Re: Run an external program Jack Whitsitt (jofny) (Mar 05)
- Re: Run an external program Bennett Todd (Mar 05)
- Re: Run an external program Erek Adams (Mar 05)
- Re: Run an external program Bennett Todd (Mar 05)
- Re: Run an external program Erek Adams (Mar 05)
- Re: Run an external program Bennett Todd (Mar 05)
- Re: Run an external program Erek Adams (Mar 05)