From: Brian Caswell (bmcmitre.org)
Date: Tue Mar 13 2001 - 22:09:01 CST


    I finally cleaned up spo_csv enough to release it. Attached is a diff
    and spo_csv.c|h

    This plugin allows snort to output in user configurable CSV format.

    Example:
            output CSV: /tmp/csv timestamp,msg,tcpflags
    Produces:
            02/23-10:07:06.158422 ,TCP rule,***A****

    Example:
            output CSV: /tmp/csv msg,proto,ttl,src,dst
    Produces:
            UDP rule,UDP,64,192.168.2.45,192.168.2.46

    Acceptable values are:
    timestamp, msg, proto, src, srcport, dst, dsport,
    ethsrc,ethdst,ethlen,tcpflags,tcpseq,tcpack,tcpln,
    tcpwindow,ttl,tos,id,dgmlen,iplen,icmptype,icmpcode,
    icmpid,icmpseq

    Using "output CSV: /alertfile default" will print out a default set of
    values. (The list of acceptable values in that order :P) You must
    specify output file and configuration. You can use multiple CSV
    outputs.

    -- 
    Brian Caswell
    The MITRE Corporation
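
For anyone consuming these files downstream, here is an added example (not part of the original post or of spo_csv itself) that derives the column order from the `output CSV:` directive and maps each alert line to named fields. It assumes fields are written unquoted, as in the two sample lines above; the post does not say how a comma inside a rule msg is handled, so lines with an unexpected column count are rejected rather than guessed at.

```python
# Field names copied from the post's "Acceptable values" list, in posted order.
ACCEPTABLE = (
    "timestamp msg proto src srcport dst dsport "
    "ethsrc ethdst ethlen tcpflags tcpseq tcpack tcpln "
    "tcpwindow ttl tos id dgmlen iplen icmptype icmpcode "
    "icmpid icmpseq"
).split()


def parse_directive(line):
    """Split 'output CSV: <file> <fields>' into (path, ordered field list)."""
    head, _, rest = line.strip().partition(":")
    if head.split() != ["output", "CSV"]:
        raise ValueError("not an 'output CSV:' directive")
    parts = rest.split(None, 1)
    if len(parts) != 2:
        raise ValueError("both output file and field list are required")
    path, spec = parts
    if spec.strip() == "default":
        # "default" expands to every acceptable value, in list order
        return path, list(ACCEPTABLE)
    fields = [f.strip() for f in spec.split(",")]
    unknown = [f for f in fields if f not in ACCEPTABLE]
    if unknown:
        raise ValueError(f"unknown field(s): {unknown}")
    return path, fields


def parse_alerts(directive, text):
    """Yield one dict per alert line, keyed by the directive's field names."""
    _, fields = parse_directive(directive)
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # Assumption: no quoting or escaping, so a plain split is used
        cols = [c.strip() for c in line.split(",")]
        if len(cols) != len(fields):
            # e.g. a rule msg containing a comma shifts every later column
            raise ValueError(f"line {n}: {len(cols)} columns, expected {len(fields)}")
        yield dict(zip(fields, cols))


if __name__ == "__main__":
    # Directive and alert line taken from the post's second example
    conf = "output CSV: /tmp/csv msg,proto,ttl,src,dst"
    for alert in parse_alerts(conf, "UDP rule,UDP,64,192.168.2.45,192.168.2.46\n"):
        print(alert)
```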
    
