Snort mailing list archives

Re: Run an external program

From: Bennett Todd <bet () rahul net>
Date: Wed, 5 Mar 2003 10:02:29 -0500

I don't know about the engineering tradeoffs applying on Windows,
but on Unix the stock answer is "use an external program to do the
deed". Whether you're using normal logfile output or syslog, you can
use a logfile tailer like swatch to trigger invocation of external
programs. Besides keeping snort simpler, this also has the
performance advantage of decoupling the (expensive) operation of
running an external program from the (performance-sensitive)
snorting.

-Bennett

Attachment: _bin
Description:

Current thread:

Run an external program Gregory . Kane (Mar 05)
- Re: Run an external program Erek Adams (Mar 05)
  - Re: Run an external program Bennett Todd (Mar 05)
    - Re: Run an external program Jack Whitsitt (jofny) (Mar 05)
    - Re: Run an external program Bennett Todd (Mar 05)
    - Re: Run an external program Jack Whitsitt (jofny) (Mar 05)
    - Re: Run an external program Erek Adams (Mar 05)
    - Re: Run an external program Bennett Todd (Mar 05)
    - Re: Run an external program Erek Adams (Mar 05)
    - Re: Run an external program Bennett Todd (Mar 05)
- Re: Run an external program Bennett Todd (Mar 05)