Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

README - Add instructions to show live stream use cases #4

Open
sandman137 opened this issue Mar 31, 2022 · 3 comments · Fixed by #8
Open

README - Add instructions to show live stream use cases #4

sandman137 opened this issue Mar 31, 2022 · 3 comments · Fixed by #8
Assignees
@shyam-dev
Labels
documentation Improvements or additions to documentation

Comments

@sandman137
Copy link
Contributor

sandman137 commented Mar 31, 2022
edited

Show how to live stream traffic into various tools for detection purposes.

I.e. sensor --> receiver --> live stream | TOOL where TOOL = { Zeek, Suricata, Tshark, Moloch etc}

  1. Suricata
  2. Zeek
  3. Tshark
  4. Moloch
@sandman137 sandman137 added the documentation Improvements or additions to documentation label Mar 31, 2022
@ManofWax
Copy link

ManofWax commented Apr 4, 2022

I'm interested about the best way to send stream live to suricata and zeek

vadorovsky added a commit that referenced this issue Apr 6, 2022
@vadorovsky
Split README into mdbook documentation
8770c47 
README was getting really long. This change moves specific information
about building and using PacketStreamer to separate mdbook subpages.

It also adds information about using PacketStreamer with Suricata.

Fixes: #4
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
@vadorovsky vadorovsky mentioned this issue Apr 6, 2022
Merged
@sandman137
Copy link
Contributor Author

The README closes the Suricata use case, I think we should use FIFO instead of regular files to 'truly live steam' and remove need for file rotation/disk usage concerns etc.

Another option is to use STDOUT | STDIN piping. Sometimes this can lead to buffering issues etc but nothing that cant be solved quickly.

vadorovsky added a commit that referenced this issue Apr 8, 2022
@vadorovsky
Split README into mdbook documentation
cff3121 
README was getting really long. This change moves specific information
about building and using PacketStreamer to separate mdbook subpages.

It also adds information about using PacketStreamer with Suricata.

Fixes: #4
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
vadorovsky added a commit that referenced this issue Apr 8, 2022
@vadorovsky
Split README into mdbook documentation
43ae1d2 
README was getting really long. This change moves specific information
about building and using PacketStreamer to separate mdbook subpages.

It also adds information about using PacketStreamer with Suricata.

Fixes: #4
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
vadorovsky added a commit that referenced this issue Apr 8, 2022
@vadorovsky
Split README into mdbook documentation
c5b09e7 
README was getting really long. This change moves specific information
about building and using PacketStreamer to separate mdbook subpages.

It also adds information about using PacketStreamer with Suricata.

Fixes: #4
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
@sandman137
Copy link
Contributor Author

I think we should keep this one open till we address 2, 3 and 4 above.

@sandman137 sandman137 reopened this Apr 8, 2022
@sandman137 sandman137 mentioned this issue May 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shyam-dev shyam-dev

Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Split README into mdbook documentation deepfence/PacketStreamer
3 participants
@ManofWax @shyam-dev @sandman137