[Oisf-devel] filemd5?
Brant Wells
bwells at tfc.edu
Thu Feb 16 20:30:58 UTC 2012
On Thu, Feb 16, 2012 at 3:23 PM, Victor Julien <victor at inliniac.net> wrote:
> On 02/16/2012 09:05 PM, Brant Wells wrote:
> > On Thu, Feb 16, 2012 at 2:36 PM, Victor Julien <victor at inliniac.net> wrote:
> >
> >> On 02/16/2012 08:08 PM, Brant Wells wrote:
> >>>>
> >>>>>> The first one: a growing single file or socket of JSON lines which a
> >>>>>> script can read from and execute actions based on. I'd be happy to
> >>>>>> write such a script for plugins like CIF, Virustotal and malwr.com.
> >>>>
> >>>
> >>> I submitted a (set) of scripts to the list a few days ago, but have not
> >>> heard anything back. I had the scripts attached as text files to the
> >>> message (are we not allowed to do that?).
> >>
> >> There are no pending moderator requests. Are you sure you sent it to the
> >> correct list?
> >
> >
> > That's always possible... I've reattached them to this email. I have been
> > using the scripts for several weeks now. The surilog script is where the
> > magic happens with the FIFO, et al.
> >
> > The startsuricata is a script I use for starting Surilog, Suricata (and
> > BY2) since I'm terrible with init scripts, lol.
> >
> > And the logrotate one is for log rotation. I have mine set at 300megs /
> > daily.
> >
> > See if those will work for what he's wanting.
>
> Brant, have you looked at the unix socket support for http.log as well?
> Might make it even easier.
Actually, no, I haven't. I didn't realize that kind of support was there,
and I'm not sure I understand the uses for the unix socket support... I
started working on the scripts a while back when someone gave me the idea
to use a FIFO...
How would it be different?