Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: "Saving State" in Snort

From: Chris Green <cmg () sourcefire com>
Date: Tue, 01 Apr 2003 09:05:38 -0500
"Michael L. Artz" <dragon () october29 net> writes:


I am fairly new to Snort, so feel free to abuse away ...


[ snip ]


Is there an intelligent way to do this?  I think that having Snort
(optionally) dump its current state and then be able to read it in and
start where it left off would be pretty cool, and solve my situation
nicely.

Any help would be appreciated.

Thanks
-Mike



Finally a use for reading in off stdin

(for i in *.cap.gz| do gzip -dc $i; done) | snort -r -  <args>

-- 
Chris Green <cmg () sourcefire com>
Warning: time of day goes back, taking countermeasures.



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: