argus processing pcaps
Michal Purzynski
michal at rsbac.org
Fri Apr 19 07:29:15 EDT 2013
On 4/19/13 1:25 PM, Michal Purzynski wrote:
> Hi,
>
> I've got a bunch of pcap files and would like to generate argus data
> from them. It's important to keep things sane, so the flows are
> merged, etc.
>
> How can I achieve this? I guess it's some combination of the argus
> command in a for loop, feeding data to rasplit, but don't really know
> where to start.
Forgot something:
the pcap files are in a single dir, named snort.log.<unix timestamp>
each about 150MB in size.
And there's a lot of them, a few TB.