[Snort-devel] Minor log tweak/patch.

Brian Caswell bmc at ...227...
Tue Apr 3 16:53:30 EDT 2001


Fyodor wrote:
> 
> On Tue, Apr 03, 2001 at 02:31:32PM -0400, Todd Lewis wrote:
> > I thought of that; the problem is how to get the right arguments in the
> > right order.  I have never understood va_ and friends, but maybe someone
> > who does (or who wants to) could work something up?
> 
> Well, if you could explain how you want the external design to be (e.g. how you
> want it to be presented in config file, and in what way you expect it to work),
> I could try to implement it in code. :)

How about in perl?  :)

$output =
"[**] MSG [**]\n" .
"TIMESTAMP SRCIP: SOURCEPORT DIRECTION DESTIP:DESTPORT\n" .
"PROTOCOL_INFO\n" .
"PACKET_INFO\n";

Of course PROTOCOL_INFO would need to be customizable as well, since
for TCP things I would want all of the different stuff in a different
order than most people.

I wrote spo_csv to allow people to configure what they see and how they
see it.  But it's done in CSV.  :)

-brian
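
Added example (not part of the original message and not Snort code): a C sketch of the template idea above, where named tokens are looked up by name so no va_list argument ordering is needed, and the configured template is only scanned, never passed to printf() as a format string. The struct, the function name expand_alert and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical alert record; fields mirror the tokens used in the post. */
struct alert { const char *msg, *timestamp, *srcip, *srcport, *direction, *dstip, *dstport; };
struct token { const char *name, *value; };

/* Expand named tokens from tmpl into out. Returns bytes written, or -1 if the
 * result does not fit. Field values are copied, not rescanned, so a '%' or a
 * token name inside packet-derived data stays literal. */
int expand_alert(const char *tmpl, const struct alert *a, char *out, size_t outsz)
{
    const struct token toks[] = {
        {"SOURCEPORT", a->srcport}, {"DIRECTION", a->direction},
        {"TIMESTAMP", a->timestamp}, {"DESTPORT", a->dstport},
        {"DESTIP", a->dstip}, {"SRCIP", a->srcip}, {"MSG", a->msg},
    };
    size_t used = 0;
    if (outsz == 0)
        return -1;
    while (*tmpl) {
        const char *piece = tmpl;      /* default: copy one literal byte */
        size_t plen = 1, i;
        for (i = 0; i < sizeof toks / sizeof toks[0]; i++) {
            size_t nlen = strlen(toks[i].name);
            if (strncmp(tmpl, toks[i].name, nlen) == 0) {
                piece = toks[i].value ? toks[i].value : "-";
                plen = strlen(piece);
                tmpl += nlen - 1;      /* skip the token; final byte skipped below */
                break;
            }
        }
        if (used + plen >= outsz)
            return -1;                 /* refuse to truncate or overflow */
        memcpy(out + used, piece, plen);
        used += plen;
        tmpl++;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed sample alert; addresses are documentation-range values. */
    struct alert a = {"ICMP test %s", "04/03-16:53:30", "192.0.2.1", "1024",
                      "->", "192.0.2.2", "80"};
    char buf[256];
    if (expand_alert("[**] MSG [**]\nTIMESTAMP SRCIP: SOURCEPORT DIRECTION DESTIP:DESTPORT\n",
                     &a, buf, sizeof buf) >= 0)
        fputs(buf, stdout);
    return 0;
}
```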



