Quickly Transferring Large Files?????
-
How can I quickly :) transfer large files from one remote server to a local server (they are log files)? They are updated when alerts come in, so is there also a way to update the file with just the new information? :confused:

Thanks in advance,
Dan
-
I would keep the master log file on the server and just send updates from the client machine(s). Send the log update as a delimited string (if you're sending more than one log entry per update), like so:

"Log entry #1|Log entry #2|Log entry #3"

Of course, you'd have to choose an appropriate delimiter character, but that shouldn't be tough. And on the server end, parse the string, add the entries to your log file (I assume it's text), and wait for the next update to arrive.

I've posted a pair of string parsing classes on this site - one that uses MFC and one that uses STL and std::string - that you can use to both build and parse a delimited string. Here's a link to the article: http://www.codetools.com/useritems/cstringparser.asp

To hell with those thin-skinned pillow-biters. - Me, 10/03/2001
-
Hi Outlaw...thanks for the tip! The file to transfer (part or full) is an alert log from an IDS system (Snort). How would I get just the new (last) entries?? An example of it is as follows:

    [**] EXPLOIT Possible CodeRed Worm v3 [**]
    08/13-05:05:27.577622 111.111.111.111:3363 -> 111.111.111.111:80
    TCP TTL:111 TOS:0x0 ID:21504 IpLen:20 DgmLen:552 DF
    ***A**** Seq: 0x7E1432D1 Ack: 0xD2B81EDD Win: 0x4000 TcpLen: 20

    [**] EXPLOIT Possible CodeRed Worm v3(X) [**]
    08/13-05:15:22.742893 111.111.111.111:1645 -> 111.111.111.111:80
    TCP TTL:102 TOS:0x0 ID:65028 IpLen:20 DgmLen:552 DF
    ***A**** Seq: 0xC0CDEBF4 Ack: 0xDF5B9FD5 Win: 0x4000 TcpLen: 20

    [**] EXPLOIT Possible CodeRed Worm v3(X) [**]
    08/13-05:15:28.099871 111.111.111.111 -> 111.111.111.111:80
    TCP TTL:116 TOS:0x0 ID:26859 IpLen:20 DgmLen:552 DF
    ***A**** Seq: 0xEFCD649D Ack: 0xDF7D2101 Win: 0x4000 TcpLen: 20

    [**] EXPLOIT Possible CodeRed Worm v3(X) [**]
    08/13-05:15:30.137790 111.111.111.111:3061 -> 111.111.111.111:80
    TCP TTL:116 TOS:0x0 ID:27031 IpLen:20 DgmLen:552 DF
    ***A**** Seq: 0xF03C1800 Ack: 0xDF86D0B7 Win: 0x4000 TcpLen: 20

This is just an example of the Alert.ids log. There are a lot of other alerts that could be in here! Any ideas??

Thanks in advance,
Dan
-
I assumed you were the author of both ends of the software. I haven't got a clue as to what you have and what you want to do with it. I've never heard of Snort. As for getting the most recent entry, I guess you could just move the alert file to a different place and read it (moving it keeps you from having to lock it to prevent updates while you're reading it).
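An alternative to moving the file, as an added example that is not part of the original posts: remember how many bytes have already been read and, on each poll, return only the complete alerts appended after that point. It assumes the multi-line alert layout in Dan's sample with a blank line after each alert; `read_new_alerts`, `state` and the field names are hypothetical names chosen for this illustration.

```python
import os
import re

# Assumption: alerts use the multi-line layout from the sample in the thread,
# and each alert is followed by a blank line (LF or CRLF line endings).
BLANK = re.compile(rb"\r?\n[ \t]*\r?\n")
HEADER = re.compile(
    r"\[\*\*\]\s*(?P<msg>.*?)\s*\[\*\*\]\s+"
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)


def read_new_alerts(path, state):
    """Return the alerts appended to `path` since the previous call.

    `state` is a caller-owned dict (hypothetical design): state["offset"] is
    the number of bytes already consumed. It is updated in place and should
    be persisted between runs.
    """
    offset = state.get("offset", 0)
    size = os.path.getsize(path)
    if size < offset:  # file was truncated or replaced: start from the top
        offset = 0
    with open(path, "rb") as f:
        f.seek(offset)
        chunk = f.read(size - offset)

    # Consume only up to the last blank line, so an alert that is still being
    # written is left for the next poll instead of being split in two.
    ends = [m.end() for m in BLANK.finditer(chunk)]
    end = ends[-1] if ends else 0
    state["offset"] = offset + end

    alerts = []
    for raw in BLANK.split(chunk[:end]):
        text = raw.decode("utf-8", "replace").strip()
        if not text:
            continue
        m = HEADER.search(text)
        fields = m.groupdict() if m else dict.fromkeys(("msg", "ts", "src", "dst"))
        fields["raw"] = text  # keep the full record for forwarding
        alerts.append(fields)
    return alerts
```

Alert messages are free text, so when forwarding the returned records it is safer to send each one as its own length-prefixed or JSON-encoded message than to join them with a delimiter character that could also appear inside an alert.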