[ARGUS] Argus taking libpcap files from stdin
Russell Fulton
r.fulton at auckland.ac.nz
Wed Sep 1 00:51:27 EDT 2004
I responded off list pointing out that ra reads .gz files and that I was
not sure if argus did too. Bill has come back with more info so I'm
sending this reply to the list.
On Wed, 2004-09-01 at 16:12, Bill Guyton wrote:
> Thanks, Russell! I didn't know that -- it may come in handy.
>
> Unfortunately, I oversimplified my example. What I've actually working on
> is a tcpdump-like process listening on a live interface that dynamically
> adjusts its pcap filter based on certain events. What I really want to
> do is to be able to pipe directly into argus if at all possible and avoid
> writing to disk.
>
> Would getting rid of the fclose(stdin) break anything, as far as anyone
> knows?
That's one for Carter I think!
--
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand
More information about the argus
mailing list