
README - Add instructions to show live stream use cases

Open sandman137 opened this issue 4 years ago • 3 comments

Show how to live stream traffic into various tools for detection purposes.

i.e. sensor --> receiver --> live stream | TOOL, where TOOL = {Zeek, Suricata, Tshark, Moloch, etc.}

  1. Suricata
  2. Zeek
  3. Tshark
  4. Moloch

sandman137, Mar 31 '22 23:03

I'm interested in the best way to send the live stream to Suricata and Zeek.

ManofWax, Apr 04 '22 13:04

The README closes the Suricata use case. I think we should use a FIFO instead of regular files to "truly live stream" and remove the need for file rotation, disk usage concerns, etc.

Another option is to use STDOUT | STDIN piping. Sometimes this can lead to buffering issues, etc., but nothing that can't be solved quickly.

sandman137, Apr 07 '22 20:04
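One way to build the FIFO pipeline this comment describes, as an added example that is not PacketStreamer's own code: the writer is a constructed stand-in for the receiver (it emits a minimal 54-byte pcap stream), and the reader stands in for Suricata, Zeek or tshark, counting bytes instead of parsing packets. Pointing the receiver's file output at the FIFO path, and the `-r` invocations named in the comments, are assumptions about the tools rather than something this issue shows.

```shell
#!/bin/sh
# Added example, not PacketStreamer's code: a "truly live" pipeline over a named pipe.
# The writer below is a constructed stand-in for the receiver; in a real deployment the
# receiver's file output would be pointed at the FIFO path instead (assumption).

# Emit a minimal little-endian pcap stream: 24-byte global header, one 16-byte record
# header and a 14-byte Ethernet frame. Constructed sample data, 54 bytes in total.
emit_pcap() {
    # global header: magic 0xa1b2c3d4, version 2.4, thiszone 0, sigfigs 0, snaplen 65535, linktype 1
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000'
    # record header: ts_sec 0, ts_usec 0, incl_len 14, orig_len 14
    printf '\000\000\000\000\000\000\000\000\016\000\000\000\016\000\000\000'
    # Ethernet header: dst ff:ff:ff:ff:ff:ff, src 02:00:00:00:00:01, ethertype 0x0800
    printf '\377\377\377\377\377\377\002\000\000\000\000\001\010\000'
}

# Run the stream through a FIFO and return the number of bytes the reader received.
# Nothing is staged on disk: the FIFO's size stays 0 and there is no file to rotate.
fifo_pipeline() {
    dir=$(mktemp -d)
    fifo="$dir/live.pcap"
    mkfifo "$fifo"

    # Writer: must be backgrounded, because opening a FIFO for writing blocks until a
    # reader opens the other end (and a reader blocks until a writer appears).
    emit_pcap > "$fifo" &
    writer=$!

    # Reader: stands in for `tshark -r "$fifo"` or `suricata -r "$fifo"` (assumed
    # invocations). It reads until the writer closes the pipe, i.e. until EOF.
    bytes=$(wc -c < "$fifo" | tr -d ' ')
    wait "$writer"

    # The FIFO itself never grows on disk; `-s` is true only for a non-empty regular file.
    if [ -s "$fifo" ]; then
        echo "unexpected: FIFO has on-disk size" >&2
        rm -rf "$dir"
        return 1
    fi

    rm -rf "$dir"
    echo "$bytes"
}

echo "bytes delivered through FIFO: $(fifo_pipeline)"
```

If the reader exits before the writer is done, the writer gets SIGPIPE and must be restarted, so a supervisor (or the receiver's own reconnect logic) is what turns this into a durable live feed. The STDOUT | STDIN variant mentioned above is the same idea with an anonymous pipe, which ties the reader's lifetime to the writer's and leaves delivery latency to the writer's stdio buffering.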

I think we should keep this one open till we address 2, 3 and 4 above.

sandman137, Apr 08 '22 22:04