[Oisf-devel] proposed patch to add archive mode to pcap-log module

Victor Julien victor at inliniac.net
Thu May 24 13:09:51 UTC 2012

On 05/24/2012 12:58 PM, Roberto Martelloni wrote:
> Also a fix to the file name is added.
> In archive mode the file name is in this format:
> hostname-YYYYMMDD-HHMMSS.pcap

The hostname is the IDS system's hostname?

> I've added this mode of running to allow a software in pipe to read data
> only from NON running file dump and to allow a system administrator to
> identify which files are actually in dump and which ones are already
> dumped and closed.

So if I understand correctly, the problem this should solve is to make
sure it's clear to the administrator which of the logged pcap files in
the log directory are already completed?

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
