[Oisf-users] Suricata with multiple pcap files
Rasmor, Zachary R
zachary.r.rasmor at lmco.com
Mon Jul 27 15:49:38 UTC 2015
Hi,
I was looking over some of the features for pcap file/offline mode as of
2.1beta4. From what I can see, the only way to run multiple pcap files
through Suricata (without restarting the engine for each file) is to use
Unix Socket mode - is this understanding correct? Per the --list-runmodes
option, Unix Socket mode only supports "single" runmode. Are there any plans
to support workers mode with Unix Socket in the future?
I also noticed that the -r option supports both the "single" and "autofp"
runmodes, but this appears to only support providing one pcap file at a
time. I would like to have the flexibility of supplying an arbitrary number
of pcap files without restarting Suricata each time, so I wanted to confirm
that Unix Socket is the only option.
Thanks,
Zach
________________________
Zach Rasmor
Senior Software Engineer
Lockheed Martin CIRT
700 N Frederick Ave | Gaithersburg, MD 20879
Email: zachary.r.rasmor at lmco.com
Office: 301.240.6116
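
The Unix Socket workflow asked about above, as an added example that is not part of the original message and not Suricata's own client code: a small Python client that performs the JSON version handshake and then queues several pcap files with the `pcap-file` command against an engine started with `--unix-socket`. The socket path, protocol version "0.1" and the per-file output directory layout are assumptions of this example.

```python
import json
import socket

# Assumed default path; the real one comes from unix-command.filename in suricata.yaml.
SOCKET_PATH = "/var/run/suricata/suricata-command.socket"
PROTOCOL_VERSION = "0.1"  # assumed; this version uses bare JSON with no newline framing


def _exchange(sock, message):
    """Send one JSON message and read until a complete JSON reply has arrived."""
    sock.sendall(json.dumps(message).encode())
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("socket closed before a full reply was read")
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:
            continue  # partial reply so far, keep reading


def queue_pcaps(sock, pcap_paths, output_root):
    """Handshake, then queue each pcap with its own output directory.

    Returns (path, reply) pairs so that rejected files can be logged and retried.
    """
    hello = _exchange(sock, {"version": PROTOCOL_VERSION})
    if hello.get("return") != "OK":
        raise RuntimeError("version handshake rejected: %r" % hello)
    results = []
    for index, path in enumerate(pcap_paths):
        # One directory per file keeps each capture's logs separate (example's choice).
        args = {"filename": path, "output-dir": "%s/%04d" % (output_root, index)}
        reply = _exchange(sock, {"command": "pcap-file", "arguments": args})
        results.append((path, reply))
    return results


if __name__ == "__main__":
    import sys
    # Usage: script.py OUTPUT_ROOT FILE.pcap [FILE.pcap ...]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(SOCKET_PATH)
        for pcap, answer in queue_pcaps(s, sys.argv[2:], sys.argv[1]):
            print(pcap, answer.get("return"), answer.get("message"))
```
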