From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Mon Dec 02 2002 - 13:57:08 CST


    On Mon, 2002-12-02 at 12:34, Matt Yackley wrote:
    > For those of us running snort on linux and then archiving data to a Win32
    > machine, the "proto:port-port" filename that is created for packet capture
    > files will not work for Windows. In snort 1.8.x this was fairly simple to
    > change by editing a line in the log.c file then compiling, etc. However in
    > snort 1.9 this has changed and I can't find out where to change this option.
    > I've tried posting to this list about a month ago and also to
    > snort-developers but no one has answered yet or has been able to find the
    > answer I should say.

    Open spo_log_ascii.c in src/output-plugins. In the OpenLogFile function
    you'll see:

    #ifdef WIN32
                    snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                            protocol_names[p->iph->ip_proto], p->sp, p->dp,
                            suffix);
    #else
                    snprintf(log_file, STD_BUF, "%s/%s:%d-%d%s", log_path,
                            protocol_names[p->iph->ip_proto], p->sp, p->dp,
                            suffix);
    #endif
                }
                else
                {
    #ifdef WIN32
                    snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                            protocol_names[p->iph->ip_proto], p->dp, p->sp,
                            suffix);
    #else
                    snprintf(log_file, STD_BUF, "%s/%s:%d-%d%s", log_path,
                            protocol_names[p->iph->ip_proto], p->dp, p->sp,
                            suffix);
    #endif

    Change those to whatever you want to appear in the log files (i.e.
    change the : to a - or _ or whatever). Then recompile.

    Frank


    Snort-users mailing list
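
An added example, not part of the message above and not Snort's own code: one way to build the same "proto, separator, port-port, suffix" file name with a selectable separator, refusing any name a Win32 file system would reject and any result that snprintf would truncate. The helpers `portable_component` and `build_log_name`, the sample log path and the `.log` suffix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Characters Win32 rejects inside a single file name component. */
static const char WIN32_RESERVED[] = "<>:\"/\\|?*";

/* Returns 1 if `name` is a file name that Linux and Win32 both accept. */
int portable_component(const char *name)
{
    size_t i, len = strlen(name);

    if (len == 0 || strpbrk(name, WIN32_RESERVED) != NULL)
        return 0;
    for (i = 0; i < len; i++)            /* control characters are rejected too */
        if ((unsigned char)name[i] < 0x20)
            return 0;
    /* Win32 does not preserve a trailing dot or space */
    return name[len - 1] != '.' && name[len - 1] != ' ';
}

/* Hypothetical helper: writes "<log_path>/<proto><sep><a>-<b><suffix>" to out.
 * Returns 0 on success, -1 on truncation or a non-portable file name. */
int build_log_name(char *out, size_t outlen, const char *log_path,
                   const char *proto, char sep, unsigned a, unsigned b,
                   const char *suffix)
{
    char leaf[64];
    int n = snprintf(leaf, sizeof leaf, "%s%c%u-%u%s", proto, sep, a, b, suffix);

    if (n < 0 || (size_t)n >= sizeof leaf || !portable_component(leaf))
        return -1;
    n = snprintf(out, outlen, "%s/%s", log_path, leaf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[256];
    const char seps[] = { ':', '_', '-' };   /* constructed sample input */
    size_t i;

    for (i = 0; i < sizeof seps; i++) {
        if (build_log_name(path, sizeof path, "/var/log/snort/10.0.0.5",
                           "TCP", seps[i], 1025, 80, ".log") == 0)
            printf("'%c' ok:       %s\n", seps[i], path);
        else
            printf("'%c' rejected: not portable to Win32\n", seps[i]);
    }
    return 0;
}
```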