On Fri, 25 Oct 2013, Rolf Nufable wrote:
Hi! One question:
is there a way for SEC to read from a text file and use its configured
rules to correlate the data inside the text file?
(I'm using snort to scan network traffic and use barnyard to parse them and
output them to a text file.)
Rolf, that is possible since SEC can use any text file as input.
If barnyard outputs events in multiline format with your setup, you can take
advantage of multi-line match features of SEC (regexpN patterns with
--nojointbuf command line option). If you are creating output events with
barnyard's
hi all,
today, the 2.7.4 version was released which contains the following
improvements over the previous version:
* added support for the 'owritecl' action.
* added support for the --childterm, --nochildterm, --rwfifo and
--norwfifo command line options.
* starting from this version,
Excellent! :)
On Thu, Jun 27, 2013 at 8:35 AM, Risto Vaarandi risto.vaara...@seb.ee wrote:
hi all,
today, the 2.7.4 version was released which contains the following
improvements over the previous version:
* added support for the 'owritecl' action.
* added support for the --childterm,