From: Matt Yackley (Matt.Yackley_at_perkinswill.com)
Date: Mon Dec 02 2002 - 15:34:35 CST
*Smacks forehead*

Hmmmm, let's see, Output Plugins, damn, why did I miss that clue.... I checked
all over the files up one level, but I must not have searched thru the
Output plugins dir.

Thanks a ton Frank! Looks like it's upgrade time....

-----Original Message-----
From: Frank Knobbe [mailto:fknobbe knobbeits.com]
Sent: Monday, December 02, 2002 1:57 PM
To: Matt Yackley
Cc: snort-users lists.sourceforge.net
Subject: Re: [Snort-users] Request for help in changing packet capture filenames under Snort 1.9

On Mon, 2002-12-02 at 12:34, Matt Yackley wrote:
> For those of us running snort on linux and then archiving data to a Win32
> machine, the "proto:port-port" filename that is created for packet capture
> files will not work for Windows. In snort 1.8.x this was fairly simple to
> change by editing a line in the log.c file then compiling, etc. However in
> snort 1.9 this has changed and I can't find out where to change this option.
> I've tried posting to this list about a month ago and also to
> snort-developers but no one has answered yet or have been able to find the
> answer I should say.

Open spo_log_ascii.c in src/output-plugins. In the OpenLogFile function
you'll see:

#ifdef WIN32
        snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                 protocol_names[p->iph->ip_proto], p->sp, p->dp,
                 suffix);
#else
        snprintf(log_file, STD_BUF, "%s/%s:%d-%d%s", log_path,
                 protocol_names[p->iph->ip_proto], p->sp, p->dp,
                 suffix);
#endif
    }
    else
    {
#ifdef WIN32
        snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                 protocol_names[p->iph->ip_proto], p->dp, p->sp,
                 suffix);
#else
        snprintf(log_file, STD_BUF, "%s/%s:%d-%d%s", log_path,
                 protocol_names[p->iph->ip_proto], p->dp, p->sp,
                 suffix);
#endif

Change those to whatever you want to appear in the log files (i.e.
change the : to a - or _ or whatever). Then recompile.
Frank
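
An added example, not part of the original messages and not Snort's own code: a stand-alone C sketch of the portable naming the thread is after, using "_" on every platform, replacing any character Win32 rejects in the file name, and treating snprintf truncation as an error. The names sanitize_component and build_log_name, the port_a/port_b parameters and the sample path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Characters Win32 rejects in a file name component. */
static const char WIN32_RESERVED[] = "<>:\"/\\|?*";

/* Replace reserved and control characters in place; returns how many changed. */
int sanitize_component(char *name, char repl)
{
    int changed = 0;
    for (; *name != '\0'; name++) {
        if (strchr(WIN32_RESERVED, *name) != NULL || (unsigned char)*name < 0x20) {
            *name = repl;
            changed++;
        }
    }
    return changed;
}

/* Build "<log_path>/<proto>_<port_a>-<port_b><suffix>".
 * Only the leaf is sanitized, so separators in log_path survive.
 * Returns 0 on success, -1 if either buffer would be truncated. */
int build_log_name(char *out, size_t outlen, const char *log_path,
                   const char *proto, unsigned port_a, unsigned port_b,
                   const char *suffix)
{
    char leaf[64];
    int n = snprintf(leaf, sizeof(leaf), "%s_%u-%u%s", proto, port_a, port_b, suffix);
    if (n < 0 || (size_t)n >= sizeof(leaf))
        return -1;
    sanitize_component(leaf, '_');
    n = snprintf(out, outlen, "%s/%s", log_path, leaf);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char path[256];
    /* Constructed sample values, not taken from a real sensor. */
    if (build_log_name(path, sizeof(path), "/var/log/snort/192.0.2.10",
                       "TCP", 34567, 80, "") == 0)
        puts(path);
    return 0;
}
```

The caller passes the two ports in whichever order the surrounding branch uses, so the sketch does not assume the condition that selects between the two snprintf calls quoted above.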