From: Martin Roesch (roeschmd.prestige.net)
Date: Mon Mar 26 2001 - 18:52:46 CST


    This code was committed as part of last night's big CVS commit, check it
    out...

        -Marty

    Brian Caswell wrote:
    >
    > I finally cleaned up spo_csv enough to release it. Attached is a diff
    > and spo_csv.c|h
    >
    > This plugin allows snort to output in user configurable CSV format.
    >
    > Example:
    > output CSV: /tmp/csv timestamp,msg,tcpflags
    > Produces:
    > 02/23-10:07:06.158422 ,TCP rule,***A****
    >
    > Example:
    > output CSV: /tmp/csv msg,proto,ttl,src,dst
    > Produces:
    > UDP rule,UDP,64,192.168.2.45,192.168.2.46
    >
    > Acceptable values are:
    > timestamp, msg, proto, src, srcport, dst, dsport,
    > ethsrc,ethdst,ethlen,tcpflags,tcpseq,tcpack,tcpln,
    > tcpwindow,ttl,tos,id,dgmlen,iplen,icmptype,icmpcode,
    > icmpid,icmpseq
    >
    > Using "output CSV: /alertfile default" will print out a default set of
    > values. (The list of acceptable values in that order :P) You must
    > specify output file and configuration. You can use multiple CSV
    > outputs.
    >
    > --
    > Brian Caswell
    > The MITRE Corporation

    --
    Martin Roesch
    roeschmd.prestige.net
    http://www.snort.org
    
