[Snort-devel] interface name reporting?

Joseph Nicholas Yarbrough nyarbrough at ...118...
Sat Nov 18 04:39:41 EST 2000


Hello all,

I was wondering if there is a method to have snort append the interface name  
(that the traffic that triggered the alert came from) to the alert. Would I 
have to include this functionality to an output plug-in, or is there 
currently plans to add this capability to snort? It would be impractical, I 
believe, to use a macro as we would have to modify every signature. Anyone 
have any thoughts on alternative ways to accomplish this?

Thanks,
Nick

Joseph Nicholas Yarbrough
Information Security Analyst
LURHQ Corporation
==========================>
nyarbrough at ...118...



More information about the Snort-devel mailing list