Home page logo
/

snort logo Snort mailing list archives

FIFO instead of NIC
From: Tiaan Wessels <tiaanwessels () gmail com>
Date: Fri, 21 Jun 2013 13:09:18 +0200

Hi,
I have installed snort on an Ubuntu machine. I have in /etc/snort a file
with DEBIAN_SNORT_INTERFACE="eth0" in it which results in snort starting at
boot with -i eth0 in its command-line. However, I want snort to startup on
boot to read from a fifo e.g. /tmp/eth0.fifo instead. Can someone assist to
show how to achieve this. I have a router sending all traffic to my Ubuntu
machine in TZSP . I have a program that strips of TZSP and dumps in pcap
format to a fifo /tmp/eth0.fifo and I want snort to use this traffic for
analysis instead of the Ubuntu machine's own eth0. Essentially I want the
-i eth0 replaced with -r /tmp/eth0.fifo but cannot figure out where in
snort's configs to do this.
Thanks
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault