[Snort-users] Sflowtool and Snort

Dies ist eine mehrteilige Nachricht im MIME-Format.
--===============0054512089==
Content-Type: multipart/alternative;
boundary="=_alternative 005087E5C125742C_="

Dies ist eine mehrteilige Nachricht im MIME-Format.
--=_alternative 005087E5C125742C_=
Content-Type: text/plain; charset="US-ASCII"

Hi everyone,

I'm trying to use Snort 2.8.1 with sflowtool 3.12 but I get the following
error:

sflowtool -t | snort -c /etc/snort/snort.conf -r -
Error getting stat on pcap file: -: No such file or directory
ERROR: Error getting pcaps
Fatal Error, Quitting..

I've also tried to use named pipes with a fifo-file with the same result:
sflowtool -t > fifo.pcap
snort -c /etc/snort/snort.conf -r fifo.pcap
Specified pcap is not a regular file: fifo.pcap
ERROR: Error getting pcaps
Fatal Error, Quitting..

Snort is working fine when it listens on eth0.
I've tested the following and it worked fine, too:
sflowtool -t | tcpdump -r -

I would be pleased if you could help me!
Melanie
--=_alternative 005087E5C125742C_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">Hi everyone,</font>
<br>
<br><font size=2 face="sans-serif">I'm trying to use Snort 2.8.1 with sflowtool
3.12 but I get the following error:</font>
<br>
<br><font size=2 face="sans-serif"><b>sflowtool -t | snort -c /etc/snort/snort.conf
-r -</b></font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Error
getting stat on pcap file: -: No such file or directory</font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; ERROR:
Error getting pcaps</font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Fatal
Error, Quitting..</font>
<br>
<br><font size=2 face="sans-serif">I've also tried to use named pipes with
a fifo-file with the same result:</font>
<br><font size=2 face="sans-serif"><b>sflowtool -t &gt; fifo.pcap</b></font>
<br><font size=2 face="sans-serif"><b>snort -c /etc/snort/snort.conf -r
fifo.pcap</b></font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Specified
pcap is not a regular file: fifo.pcap</font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; ERROR:
Error getting pcaps</font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Fatal
Error, Quitting..</font>
<br>
<br><font size=2 face="sans-serif">Snort is working fine when it listens
on eth0.</font>
<br><font size=2 face="sans-serif">I've tested the following and it worked
fine, too: </font>
<br><font size=2 face="sans-serif"><b>sflowtool -t | tcpdump -r -</b></font>
<br>
<br><font size=2 face="sans-serif">I would be pleased if you could help
me!<br>
</font><font size=3>Melanie</font>
--=_alternative 005087E5C125742C_=--


--===============0054512089==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
--===============0054512089==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============0054512089==--