Using the probe

The probe can be used as a prototyping agent for the rapid deployment of proof-of-concept probes, as a building block in custom production integrations, and as a means of replaying raw capture files from other probes (for example, to test rules files).

The examples given below show you how to use the probe to process data from cat, tail, and Telnet data streams.

Example: cat

In this example, the probe receives data from the cat command, which outputs the contents of a file named myevents:

cat myevents | nco_p_stdin

Example: tail

In this example, the probe receives data from the tail command, which outputs the last ten lines of a log file named myeventlog and, because of the -f option, continues to output new lines as they are appended to the file:

tail -f myeventlog | nco_p_stdin

Example: Telnet

In this example, the probe receives data from the telnet command, which outputs raw data from the host and port specified by the host and port parameters:

telnet host port | nco_p_stdin