[Snort-devel] Minor log tweak/patch.

Scott A. McIntyre scott at ...349...
Tue Apr 3 08:33:13 EDT 2001


This lame little patch was thrown together to solve two minor
customization issues that I wanted with snort.  Others may find them
useful, or, they may not.


Taken from the latest CVS checkout, the first will change the logfile
format to be YYYYMMDD.HHMM, which is easier for me to look at than the @
version without the year.

Secondly, it will create a symbolic link from whichever binary log file
was created to the name "current"

I end up having to restart my snort sometimes a dozen times per day and
this handy shortcut is already saving me hassle.

Scott

p.s. those of you who are Good at C will probably fine a number of
faults with how I did this latter thing, I'm happy to take suggestions
on making it more clean.  



*** log.c       Tue Apr  3 14:26:48 2001
--- log.c.scott Tue Apr  3 13:44:30 2001
***************
*** 2206,2212 ****
      curr_time = time(NULL);
      loc_time = localtime(&curr_time);

!     strftime(timebuf, TIMEBUF_SIZE-1, "%m%d@%H%M", loc_time);

      if (logname != NULL && strlen(logname) != 0)
      {
--- 2206,2212 ----
      curr_time = time(NULL);
      loc_time = localtime(&curr_time);

!     strftime(timebuf, TIMEBUF_SIZE-1, "%Y%m%d.%H%M", loc_time);

      if (logname != NULL && strlen(logname) != 0)
      {
***************
*** 2227,2233 ****
          curr_time = time(NULL);
          loc_time = localtime(&curr_time);

!         strftime(timebuf, TIMEBUF_SIZE, "%m%d@%H%M", loc_time);

          bzero((char *) logdir, sizeof(logdir));

--- 2227,2233 ----
          curr_time = time(NULL);
          loc_time = localtime(&curr_time);

!         strftime(timebuf, TIMEBUF_SIZE, "%Y%m%d.%H%M", loc_time);

          bzero((char *) logdir, sizeof(logdir));

***************
*** 2236,2241 ****
--- 2236,2242 ----
          {
              snprintf(logdir, sizeof(logdir) -1,  "%s%s/snort-%s.log",
                      chrootdir == NULL ? "" : chrootdir, pv.log_dir, timebuf);
+                       unlink("current"); symlink(logdir, "current");
          }
      }







More information about the Snort-devel mailing list