[Oisf-users] A few questions about logging.
Cooper F. Nelson
cnelson at ucsd.edu
Tue Aug 5 20:49:23 UTC 2014
We are a 10Gbe shop so that isn't going to work. Ideally what I would
like is to use moloch to index/spool packets after suricata is done
sampling/processing them and then spool them to an individual disk per
thread.
-Coop
On 8/5/2014 1:01 PM, Brandon Lattin wrote:
> I should mention, this was using a RHEL 6.5 box.
>
>
> On Tue, Aug 5, 2014 at 3:00 PM, Brandon Lattin <lattin at umn.edu
> <mailto:lattin at umn.edu>> wrote:
>
> Cooper,
>
> I've redirected traffic via tcpdump -> box1 netcat -> box2 netcat
> listener -> pipe -> suricata (pretty hackish, I know!)
>
> I remember it working without issue. Not quite the same task, but
> perhaps similar enough.
>
> Here are the related commands from my .bash_history
>
> nc -l 10101 > temp.pcap &
> /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata.yaml -r ./temp.pcap &
>
> Suricata remained running as long as the netcat listener was
> operational.
>
> Hope this helps!
>
>
>
> On Tue, Aug 5, 2014 at 2:30 PM, Cooper F. Nelson <cnelson at ucsd.edu
> <mailto:cnelson at ucsd.edu>> wrote:
>
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
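The netcat-to-file pipeline above hands suricata whatever bytes arrive on the listening port, and temp.pcap grows without bound. As an added example (my own code, not from the thread or from Suricata), here is a Python reader for that stream that refuses input which does not begin with a pcap global header and spools the records into rotated files that are each a complete pcap on their own; the file naming and rotation-by-packet-count policy are my assumptions.

```python
import io, os, struct, tempfile
# Added example, not from the thread: validate the raw pcap stream a `nc -l`
# listener receives and spool it into bounded, self-contained pcap files.
MAGIC = {0xa1b2c3d4: "<", 0xa1b23c4d: "<",   # usec / nsec, little-endian writer
         0xd4c3b2a1: ">", 0x4d3cb2a1: ">"}   # usec / nsec, big-endian writer

def parse_global_header(hdr):
    """Return the struct byte-order prefix for a 24-byte pcap header, or raise."""
    order = MAGIC.get(struct.unpack("<I", hdr[:4])[0]) if len(hdr) == 24 else None
    if order is None:
        raise ValueError("stream does not start with a complete pcap global header")
    return order

def iter_records(fp, order):
    """Yield (16-byte record header, packet bytes) until EOF; truncation is an error."""
    while rec := fp.read(16):
        incl_len = struct.unpack(order + "IIII", rec)[2]  # raises on a short header
        data = fp.read(incl_len)
        if len(data) != incl_len:
            raise EOFError("truncated packet data")
        yield rec, data

def spool(fp, out_dir, max_records):
    """Copy the stream into out_dir/spool-NNNN.pcap, rotating every max_records packets."""
    ghdr = fp.read(24)
    files, out, count = [], None, max_records
    for rec, data in iter_records(fp, parse_global_header(ghdr)):
        if count == max_records:  # open a new file that carries its own global header
            if out: out.close()
            files.append(os.path.join(out_dir, "spool-%04d.pcap" % len(files)))
            out, count = open(files[-1], "wb"), 0
            out.write(ghdr)
        out.write(rec + data)
        count += 1
    if out: out.close()
    return files

def build_pcap(payloads):
    """Constructed test input: little-endian usec pcap (linktype 1) of the payloads."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1407271800 + i, 0, len(p), len(p)) + p
    return out

def demo(payloads, max_records):
    """Spool constructed packets to a temp dir; return the record count per file."""
    counts = []
    for path in spool(io.BytesIO(build_pcap(payloads)), tempfile.mkdtemp(), max_records):
        with open(path, "rb") as f:
            counts.append(sum(1 for _ in iter_records(f, parse_global_header(f.read(24)))))
    return counts
```

Point the reader at the listener's socket (or a FIFO) instead of a BytesIO and each rotated file can be handed to suricata -r or to moloch independently.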