<div dir="ltr">Thanks, I think that'll do. =)</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 22, 2014 at 3:00 PM, Chris Wakelin <span dir="ltr"><<a href="mailto:c.d.wakelin@reading.ac.uk" target="_blank">c.d.wakelin@reading.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Have a look at<br>
<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket</a><br>
<br>
I think the bit under "Pcap processing mode" is what you want?<br>
<br>
Best Wishes,<br>
Chris<br>
<div><div class="h5"><br>
On 22/10/14 22:20, Duane Howard wrote:<br>
> Does Suricata have a --pcap-dir equivalent? Or a better method of running<br>
> through a stack of pcap files that doesn't involve looping over -r, or<br>
> using tcpreplay or similar?<br>
><br>
> ./d<br>
><br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> Training now available: <a href="http://suricata-ids.org/training/" target="_blank">http://suricata-ids.org/training/</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-<br>
Christopher Wakelin, <a href="mailto:c.d.wakelin@reading.ac.uk">c.d.wakelin@reading.ac.uk</a><br>
IT Services Centre, The University of Reading, Tel: <a href="tel:%2B44%20%280%29118%20378%202908" value="+441183782908">+44 (0)118 378 2908</a><br>
Whiteknights, Reading, RG6 6AF, UK Fax: <a href="tel:%2B44%20%280%29118%20975%203094" value="+441189753094">+44 (0)118 975 3094</a><br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Training now available: <a href="http://suricata-ids.org/training/" target="_blank">http://suricata-ids.org/training/</a><br>
</font></span></blockquote></div><br></div>