Re: "Saving State" in Snort

[Phil Wood <cpw () cynosure lanl gov>]

On Tue, Apr 01, 2003 at 09:05:38AM -0500, Chris Green wrote:
> "Michael L. Artz" <dragon () october29 net> writes:
>
> > I am fairly new to Snort, so feel free to abuse away ...
> [ snip ]
>
> > Is there an intelligent way to do this?  I think that having Snort
> > (optionally) dump its current state and then be able to read it in and
> > start where it left off would be pretty cool, and solve my situation
> > nicely.
> >
> > Any help would be appreciated.
> >
> > Thanks
> > -Mike
>
> Finally a use for reading in off stdin
>
> (for i in *.cap.gz| do gzip -dc $i; done) | snort -r -  <args>

Been doing it for years.  Now, when are you going to convert* all those crufty
stdout debug, info, and error messages to stderr, so we can:

  cat pcapfile.gz | snort -r - ... -b -L - > snort.cap.gz

? Never mind.

* convert script (unless your virus checker considers it harmful).

> -- 
> Chris Green <cmg () sourcefire com>
> Warning: time of day goes back, taking countermeasures.
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ValueWeb: 
> Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
> No other company gives more support or power for your dedicated server
> http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw () lanl gov

Attachment: printf-to-LogMessage
Description: