Hi Daniel,

Thanks for the quick response! Replies inline.

On Tue, Oct 30, 2012 at 10:41 AM, Daniel Borkmann <[email protected]> wrote:

<snip>

>> -n snort.log
>> This makes daemonlogger name the files in the output directory
>> snort.log.$TIMESTAMP. Is there an equivalent option in netsniff-ng?
>
> No, currently there is no prefix option. If you like feel free to hack
> the code, it should actually not be too difficult.

OK, I'll take a look at this.

>> -s 134217728
>> This configures daemonlogger to rotate to a new pcap file when it
>> reaches 129MB. Is there an equivalent option in netsniff-ng?
>
> No, we only rotate if a specified interval in seconds runs out.

This is somewhat of a dealbreaker for our project. If we rotate based on time, some networks will have 100MB pcaps and other networks will have 1GB or bigger pcaps. We need to be able to define a constant size so that pcaps can be searched in constant time. Is this something that I could hack in fairly easily?

>> Thanks in advance for any assistance!
>
> Also have a look into
> https://github.com/gnumaniacs/netsniff-ng/tree/master/Documentation
>
> It should address quite a lot of things and is more up-2-date than the
> faq. For everything else, the mailing list of course. ;)

Thanks!

--
Doug Burks
http://securityonion.blogspot.com
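The two daemonlogger behaviours discussed in the thread (a `<prefix>.<timestamp>` file name and rotation at a fixed byte size) as a small added example in C; it is editor-written illustration, not code from netsniff-ng or daemonlogger, and the `rotator` struct and function names are hypothetical. It bounds every file at the limit by rotating before the record that would overflow it, which is what makes the files constant-size and searchable in constant time.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define PCAP_FILE_HDR 24u   /* libpcap global header, bytes */
#define PCAP_REC_HDR  16u   /* per-packet record header, bytes */

/* Output-stream state (hypothetical names, not netsniff-ng's own). */
struct rotator {
    const char *prefix;   /* e.g. "snort.log" (daemonlogger -n) */
    uint64_t limit;       /* max bytes per file (daemonlogger -s) */
    uint64_t written;     /* bytes in the current file; 0 = none open */
    unsigned files;       /* files opened so far */
};

/* Build "<prefix>.<timestamp>", the naming scheme quoted in the thread. */
int rotator_filename(char *buf, size_t n, const char *prefix, time_t ts) {
    return snprintf(buf, n, "%s.%ld", prefix, (long)ts);
}

/* Account for one record of caplen bytes. Returns 1 if a new file must be
 * opened before the record is written (first record, or the record would
 * push the current file past the limit), 0 if it fits. A single record
 * larger than the limit still gets its own file and exceeds it. */
int rotator_account(struct rotator *r, uint32_t caplen) {
    uint64_t rec = PCAP_REC_HDR + caplen;
    int rotate = (r->written == 0) || (r->written + rec > r->limit);
    if (rotate) {
        r->files++;
        r->written = PCAP_FILE_HDR;   /* new file starts with the global header */
    }
    r->written += rec;
    return rotate;
}

int main(void) {
    struct rotator r = { "snort.log", 134217728ULL, 0, 0 };
    char name[128];
    /* Constructed input: 100000 records of 1500 bytes, about 152 MB in total. */
    for (int i = 0; i < 100000; i++) {
        if (rotator_account(&r, 1500)) {
            /* Real code would fclose() the old file and fopen() this name;
             * files opened within one second would also need a sequence suffix. */
            rotator_filename(name, sizeof name, r.prefix, time(NULL));
            printf("open %s\n", name);
        }
    }
    printf("%u files, last one %llu bytes\n", r.files, (unsigned long long)r.written);
    return 0;
}
```

With the 134217728-byte limit from the thread, the loop opens two files: the first holds 88534 records (134217568 bytes) and the second the remaining 11466.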
