[Oisf-devel] PF_RING missing alerts that PF_RING-enabled libpcap matches

Chris Wakelin c.d.wakelin at reading.ac.uk
Wed Jul 27 23:00:34 UTC 2011



On 27/07/2011 23:52, Will Metcalf wrote:
> We set the application name in suricata.  It's a PF_RING API call. I'm
> guessing libpcap doesn't do this?

No, though I did consider adding it as a patch; we got it to set
Cluster_ID and type from environment variables (PCAP_PF_RING_CLUSTER_ID,
PCAP_PF_RING_USE_CLUSTER_PER_FLOW) so that you could have clustering in
libpcap applications.

The application can't tell libpcap explicitly what it is as far as I
know, but you could (easy) pick it up from another user-specified
environment variable or (harder) work it out from the command line in
the environment.

Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
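The environment-variable handling described in this reply, as an added C example (not the libpcap PF_RING patch itself, and it makes no PF_RING API calls): it parses PCAP_PF_RING_CLUSTER_ID and PCAP_PF_RING_USE_CLUSTER_PER_FLOW, takes the application name from a hypothetical PCAP_PF_RING_APP_NAME variable, and otherwise falls back to the basename of argv[0]. The 32-byte name cap and the "0 = disabled" convention are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define APP_NAME_MAX 32  /* assumed cap on the application name */

struct pf_ring_cfg {
    unsigned cluster_id;      /* 0 means clustering is disabled (assumed) */
    int per_flow;             /* 1 = cluster per flow, 0 = round robin */
    char app_name[APP_NAME_MAX];
};

/* Parse the variable values as a PF_RING-aware libpcap would see them.
 * Returns 0 on success, -1 if a set variable holds something unexpected;
 * an unset or empty variable just leaves that feature off. */
int pf_ring_cfg_parse(const char *cluster_id, const char *per_flow,
                      const char *app_env, const char *argv0,
                      struct pf_ring_cfg *cfg)
{
    const char *name;
    memset(cfg, 0, sizeof *cfg);

    if (cluster_id != NULL && *cluster_id != '\0') {
        const char *p;
        for (p = cluster_id; *p; p++)           /* reject "12abc", "-1", " 7" */
            if (!isdigit((unsigned char)*p)) return -1;
        cfg->cluster_id = (unsigned)strtoul(cluster_id, NULL, 10);
    }
    if (per_flow != NULL && *per_flow != '\0') { /* only "0" or "1" allowed */
        if (strcmp(per_flow, "1") == 0) cfg->per_flow = 1;
        else if (strcmp(per_flow, "0") == 0) cfg->per_flow = 0;
        else return -1;
    }
    /* "Easy" route: user-specified variable. "Harder" route, simplified
     * here to argv[0]'s basename, when the variable is absent. */
    if (app_env != NULL && *app_env != '\0') {
        name = app_env;
    } else {
        const char *slash;
        name = (argv0 != NULL) ? argv0 : "unknown";
        slash = strrchr(name, '/');
        if (slash != NULL) name = slash + 1;
    }
    snprintf(cfg->app_name, sizeof cfg->app_name, "%s", name);
    return 0;
}

/* Convenience wrapper that reads the real process environment. */
int pf_ring_cfg_from_env(const char *argv0, struct pf_ring_cfg *cfg)
{
    return pf_ring_cfg_parse(getenv("PCAP_PF_RING_CLUSTER_ID"),
                             getenv("PCAP_PF_RING_USE_CLUSTER_PER_FLOW"),
                             getenv("PCAP_PF_RING_APP_NAME"), argv0, cfg);
}
```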


