[Oisf-devel] proposed patch to add archive mode to pcap-log module

Victor Julien victor at inliniac.net
Thu May 24 13:09:51 UTC 2012


On 05/24/2012 12:58 PM, Roberto Martelloni wrote:
> Also a fix to the file name is added.
> In archive mode the file name is in this format:
> hostname-YYYYMMDD-HHMMSS.pcap

The hostname is the IDS system's hostname?

> I've added this mode of running to allow a software in pipe to read data
> only from NON running file dump and to allow a system administrator to
> identify which files are actually in dump and which ones are already
> dumped and closed.

So if I understand correctly, the problem this should solve is to make
sure it's clear to the administrator which of the logged pcap files in
the log directory are already completed?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



