PacketStreamer's output can be used for threat detection with Suricata.
If the receiver is configured with the file output, the file can be used as
input to Suricata with the following command.
tail -f /tmp/dump_file | suricata -v -c /etc/suricata/suricata.yaml -r /dev/stdin
It assumes that:
- Suricata's configuration file is /etc/suricata/suricata.yaml
- the PacketStreamer receiver is configured to write its output file to /tmp/dump_file
Example receiver configuration:
When PacketStreamer writes to stdout, the output can be directly piped to Suricata:
./packet-streamer receiver --config ./contrib/config/receiver-stdout.yaml | suricata -v -c /etc/suricata/suricata.yaml -r /dev/stdin
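The file-output pipeline above works only if Suricata receives the capture from its first byte: `tail -f` on a file that already contains data starts near the end, so the pcap global header never reaches Suricata and the stream is rejected as a malformed capture. The POSIX shell script below is an added example, not part of PacketStreamer or Suricata; it checks that the dump file begins with a libpcap or pcapng magic number and then streams it with `tail -c +1 -f`, which starts at byte 1. The dump path and Suricata config path default to the ones used on this page; `pcap_magic_ok`, `suricata_stdin_cmd` and `stream_to_suricata` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not PacketStreamer's own code): sanity-check a receiver dump
# file before streaming it into Suricata, then stream it from its first byte.

# Return 0 if the file begins with a libpcap or pcapng magic number.
pcap_magic_ok() {
    f="$1"
    [ -r "$f" ] || return 1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) return 0 ;;   # libpcap, microsecond timestamps
        a1b23c4d|4d3cb2a1) return 0 ;;   # libpcap, nanosecond timestamps
        0a0d0d0a) return 0 ;;            # pcapng section header block
        *) return 1 ;;
    esac
}

# Print the pipeline that feeds the dump file to Suricata. "tail -c +1 -f"
# emits the file from byte 1 and then follows it, so the pcap global header
# is delivered; a plain "tail -f" would skip everything already written.
suricata_stdin_cmd() {
    dump="${1:-/tmp/dump_file}"
    cfg="${2:-/etc/suricata/suricata.yaml}"
    printf 'tail -c +1 -f %s | suricata -v -c %s -r /dev/stdin\n' "$dump" "$cfg"
}

# Run the pipeline only when the dump file looks like a capture file.
stream_to_suricata() {
    dump="${1:-/tmp/dump_file}"
    cfg="${2:-/etc/suricata/suricata.yaml}"
    if ! pcap_magic_ok "$dump"; then
        echo "refusing to stream $dump: not a pcap/pcapng file" >&2
        return 1
    fi
    tail -c +1 -f "$dump" | suricata -v -c "$cfg" -r /dev/stdin
}
```

Usage: `stream_to_suricata /tmp/dump_file /etc/suricata/suricata.yaml`. The magic-number check catches the common failure where the receiver has not yet written anything (or writes to a different path than the one being tailed), which otherwise surfaces only as a Suricata parse error after the pipe is already established.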