Feature #1710
open
Unix socket: Send output to unix socket
Description
A new socket UNIX command for analyzing PCAP files and sending the resulting logs to a UNIX socket, instead of sending them to an output directory as it currently does, would be great.
This way we can parse the whole log output in memory without touching disk, increasing performance when analyzing PCAP files.
Cheers
Updated by Victor Julien over 8 years ago
- Assignee set to Anonymous
- Target version set to TBD
I like the idea, but I don't see the team having time for it anytime soon.
Btw, as a workaround you could configure most outputs to output to a unix socket. It would be a different socket than the control socket though.
Updated by Fanny Dwargee over 8 years ago
Victor,
How can I differentiate between logs of each pcap file?
Victor Julien wrote:
Btw, as a workaround you could configure most outputs to output to a unix socket. It would be a different socket than the control socket though.
Updated by Fanny Dwargee over 8 years ago
I see, just specifying a relative UNIX socket name as the output log file.
Regards,
Fanny
Updated by Jason Ish over 6 years ago
- Subject changed from New socket UNIX command for pcap files to Unix socket: Send output to unix socket
- Effort set to medium
- Difficulty set to medium
Edit title. Was: New socket UNIX command for pcap files
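
A listener for the workaround discussed in this thread, as an added example that is not part of the original issue and is not Suricata's own code: it accepts what an output writes to a unix stream socket and groups the records in memory per capture file. It assumes newline-delimited JSON records that each carry a `pcap_filename` field (an assumption that depends on the Suricata version and run mode); the function names and sample records are constructed for illustration.

```python
import json, os, socket
from collections import defaultdict

def read_eve_events(conn, bufsize=4096):
    """Yield one dict per newline-delimited JSON record received on conn."""
    pending = b""
    while chunk := conn.recv(bufsize):
        pending += chunk
        # A recv() may end mid-record, so only complete lines are parsed.
        *lines, pending = pending.split(b"\n")
        for line in lines:
            try:
                record = json.loads(line)
            except ValueError:
                continue  # drop a malformed or empty line, keep the stream alive
            if isinstance(record, dict):
                yield record

def group_by_pcap(events, key="pcap_filename"):
    """Bucket events by capture file; the field name is an assumption."""
    groups = defaultdict(list)
    for event in events:
        groups[event.get(key, "<unknown>")].append(event)
    return dict(groups)

def serve_once(path):
    """Listen on `path`, accept one writer, return its events grouped by pcap."""
    if os.path.exists(path):
        os.unlink(path)  # remove a stale socket left by an earlier run
    old_umask = os.umask(0o177)  # socket file is created 0600: owner only
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            srv.listen(1)
            conn, _ = srv.accept()
            with conn:
                return group_by_pcap(read_eve_events(conn))
    finally:
        os.umask(old_umask)

def demo():  # constructed sample records over a socketpair, no Suricata needed
    writer, reader = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    sample = (b'{"event_type":"alert","pcap_filename":"a.pcap"}\n'
              b'{"event_type":"dns","pcap_filename":"b.pcap"}\nnot json\n'
              b'{"event_type":"flow","pcap_filename":"a.pcap"}\n')
    writer.sendall(sample)
    writer.close()
    with reader:
        return group_by_pcap(read_eve_events(reader, bufsize=16))
```

Because the socket is created with owner-only permissions, the writing process has to run as the same user as the listener; other local users cannot inject records into the stream.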