[Oisf-users] Suricata reading standard input from gulp?

Jeremy MJ jskier at gmail.com
Tue Feb 9 22:04:58 UTC 2016


Is it possible to run gulp (https://staff.washington.edu/corey/gulp/)
and have suricata read the input from standard output on the fly? I
tried this:
gulp -i rspan0 -d | /usr/bin/suricata -r - -c /etc/suricata/suricata.yaml -v

But it doesn't like the input (probably because -r expects offline and
complete / end of file):
9/2/2016 -- 15:50:15 - <Info> - reading pcap file -
9/2/2016 -- 15:50:15 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] -
truncated dump file; tried to read 4 file header bytes, only got 0

Also, live mode, -i, wants a device. The reason for wanting to do this
is I do a lot of testing with erspan and suricata.

Thanks in advance for any help,

--
Jeremy MJ
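The failure above is about the pcap file layout rather than about gulp: a reader of `-r`-style input needs the 24-byte global header before it can do anything, and the first thing libpcap attempts is the 4-byte magic, which is why the error reports 0 of 4 file header bytes. As an added example, not code from the poster or from the Suricata or gulp projects, here is a small streaming pcap reader in Python that consumes input record by record (so a writer may still be appending) and reports the same truncation conditions with libpcap's wording. The capture it parses is constructed inline, and `build_pcap`, `summarize` and `iter_pcap` are names chosen here.

```python
import io
import struct

# libpcap file layout (little-endian variant): a 24-byte global header, then
# per-packet records of a 16-byte header followed by incl_len bytes of frame.
MAGIC_LE = 0xA1B2C3D4
GLOBAL_REST = struct.Struct("<HHiIII")  # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len


class TruncatedPcap(Exception):
    """The stream ended inside a header or record (the 'truncated dump file' case)."""


def read_exact(stream, n, what, eof_ok=False):
    """Read exactly n bytes from a possibly slow pipe.

    A short read raises TruncatedPcap using the same 'tried to read N ... bytes,
    only got M' wording libpcap prints. With eof_ok, a clean EOF before any byte
    of this unit returns None so the caller can treat it as end of capture.
    """
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if eof_ok and not buf:
                return None
            raise TruncatedPcap(f"tried to read {n} {what} bytes, only got {len(buf)}")
        buf.extend(chunk)
    return bytes(buf)


def iter_pcap(stream):
    """Yield (ts_sec, ts_usec, frame) from a pcap stream, one record at a time.

    Only the global header must be complete before parsing starts; each record
    is consumed as soon as its bytes arrive. EOF exactly on a record boundary
    ends the iteration; EOF anywhere else is reported as truncation.
    """
    magic = struct.unpack("<I", read_exact(stream, 4, "file header"))[0]
    if magic != MAGIC_LE:
        raise ValueError(f"unsupported pcap magic 0x{magic:08x}")
    _maj, _min, _tz, _sig, snaplen, _link = GLOBAL_REST.unpack(
        read_exact(stream, GLOBAL_REST.size, "file header"))
    while True:
        hdr = read_exact(stream, RECORD_HDR.size, "packet header", eof_ok=True)
        if hdr is None:
            return  # normal end of capture
        ts_sec, ts_usec, incl_len, _orig_len = RECORD_HDR.unpack(hdr)
        if incl_len > snaplen:
            # A length above snaplen means the stream is corrupt or we lost sync.
            raise ValueError(f"record claims {incl_len} bytes, above snaplen {snaplen}")
        yield ts_sec, ts_usec, read_exact(stream, incl_len, "packet data")


def build_pcap(frames, snaplen=65535, linktype=1):
    """Constructed sample writer (not gulp output): global header plus records."""
    out = struct.pack("<I", MAGIC_LE) + GLOBAL_REST.pack(2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, frame in frames:
        out += RECORD_HDR.pack(ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def summarize(data):
    """Parse bytes as if they arrived on stdin and report what a consumer sees:
    the number of complete records and the truncation error, if any."""
    frames = 0
    try:
        for _ts_sec, _ts_usec, _frame in iter_pcap(io.BytesIO(data)):
            frames += 1
    except TruncatedPcap as exc:
        return {"frames": frames, "error": str(exc)}
    return {"frames": frames, "error": None}


# Constructed frames: 60-byte filler stand-ins, not real traffic.
SAMPLE = build_pcap([(1455058215, 0, b"\x00" * 60), (1455058215, 500, b"\xff" * 60)])

if __name__ == "__main__":
    print(summarize(b""))           # nothing arrived before the header: the case in the post
    print(summarize(SAMPLE))        # complete capture
    print(summarize(SAMPLE[:-10]))  # writer stopped mid-record
```

Feeding the reader nothing at all reproduces the post's message exactly (`tried to read 4 file header bytes, only got 0`), which is the useful diagnostic: the consumer is not rejecting pipes as such, it simply got EOF before the global header was written.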
