[Snort-devel] To printf or not to printf

Phil Wood cpw at ...86...
Tue Apr 30 07:29:02 EDT 2002


On Mon, Apr 29, 2002 at 07:55:59PM -0400, tlewis at ...255... wrote:
> I prefer to write my own abstraction layer approximating syslog(3),
> with types and/or severity as appropriate to the project.  Then you
> can configure what level of verbosity you want and on which systems you
> want it.  It's much easier to take a rich expression like that and
> translate it into "Everything into stdout" than it is to take 10,000
> "fprintf(stderr, ...)" statements and classify them.

I've done that.  It's a good idea.  It turns out that snort already has
LogMessage, ErrorMessage, FatalError, and DebugMessage which is enough
richness for me.  My nit was to just change the printf's to LogMessage,
I count less than 300 remaining in the 1.9 snort source.  A simple sed
loop on the files would suffice.

My patches haven't been too popular these days, so I'm trying for concenses.

> 
> $0.02
> 
> --
> Todd Lewis
> tlewis at ...255...
> 
> "Bonsoir, Monet.  Work, work.  It is the most beautiful thing there is
>        in the world."  -- Clemenceau
> 
> On Mon, 29 Apr 2002, Phil Wood wrote:
> 
> > 
> > Folks,
> > 
> > This is about the chatty cathy syndrom which seems come and go.  By
> > chatty cathy, I mean the various places in the code where reassuring messages
> > are printed to either stderr or stdout.  I personally would like to see
> > all messages directed to stderr, saving stdout for possibly piping output 
> > to another process), at least when running in nids mode.  The problem
> > is especially evident when people like myself redirect stderr to a file.
> > 
> > I that case I get:
> > 
> >   Rule application order:
> > 
> > in my stderr file and
> > 
> >  ->pass->activation->dynamic->alert->log->redalert
> > 
> > to stdout.
> > 
> > Drop me a line.  Or, does my mail go to /dev/null.
> > 
> > Thanks,
> > 
> > Phil
> > 
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
> > 

-- 
Phil Wood, cpw at ...86...





More information about the Snort-devel mailing list