Re^2: Help with Snort and File::Tail

in reply to Re: Help with Snort and File::Tail
in thread Help with Snort and File::Tail

I don't know off the top of my head how to do this since I just started Perl and I haven't looked at this specifically but I am certain you can. What do you mean though? I don't really care that the Snort log is in snort.log. I more care that I grab everything that is being written to it (lets say check every 20 seconds with File::Tail) and parse it with Perl, and output it somewhere else.

Comment on Re^2: Help with Snort and File::Tail

Replies are listed 'Best First'.
Re^3: Help with Snort and File::Tail by ikegami (Patriarch) on Jun 23, 2011 at 07:18 UTC
He is suggesting that if snort were to be configured to send output its output to stdout, your script could act like a filter (like grep), so you wouldn't have to use File::Tail and the process would be more reliable. You'd still have to identify alerts, thought. — I'm not familiar with snort. This could be trivial or impossible.	[reply]

In Section Seekers of Perl Wisdom