[Snort-devel] Removing colon from output logs

Robert Wagner rwagner at ...1225...
Wed May 8 09:13:34 EDT 2002


I was wondering if there was any thought for removing the colon from the
output log names (i.e. TCP:29789-80)
and replacing it with a more Windows-friendly character.

Typically, we pull off the files and archive them (tar - gzip).  When I pull
them back up on windows, I cannot extract them because the colon is an
illegal character.  OK, maybe I am the only one that does this.

After some help from Chris, I found the spot in log.c - lines 173 and 183,
where it appears to be defining the log file name.  This change appears to
function OK.

This change will also allow one to remove a little extra code as I think
both the WIN32 and regular paths are the same.

---------------------------------------------snip from log.c - line 157 - changes made to lines 173, 183 only
    /* build the log filename */
    if(p->iph->ip_proto == IPPROTO_TCP ||
            p->iph->ip_proto == IPPROTO_UDP)
    {
        if(p->frag_flag)
        {
            snprintf(log_file, STD_BUF, "%s/IP_FRAG%s", log_path, suffix);
        }
        else
        {
            if(p->sp >= p->dp)
            {
#ifdef WIN32
                snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                        protocol_names[p->iph->ip_proto], p->sp, p->dp, suffix);
#else
                /* ==================> changed : to _ */
                snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                        protocol_names[p->iph->ip_proto], p->sp, p->dp, suffix);
#endif
            }
            else
            {
#ifdef WIN32
                snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                        protocol_names[p->iph->ip_proto], p->dp, p->sp, suffix);
#else
                /* ==================> changed : to _ */
                snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
                        protocol_names[p->iph->ip_proto], p->dp, p->sp, suffix);
#endif
            }
        }
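
An added example, not part of the original post and not Snort's own code: with the separator unified, the two #ifdef branches can collapse into one helper that also rejects truncated names and any character Windows refuses in a file name. The names build_log_name and portable_component and their parameters are hypothetical; the port ordering follows the snippet above (larger port first).

```c
#include <stdio.h>
#include <string.h>

/* Characters Windows rejects inside a file name component. */
static const char WIN_ILLEGAL[] = "<>:\"/\\|?*";

/* Return 1 if name can be used as one file name component on Windows
 * as well as on Unix, 0 otherwise (hypothetical helper). */
int portable_component(const char *name)
{
    const unsigned char *c;

    if (name[0] == '\0')
        return 0;
    for (c = (const unsigned char *)name; *c != '\0'; c++)
    {
        /* control characters 0x01-0x1f are also illegal on Windows */
        if (*c < 0x20 || strchr(WIN_ILLEGAL, *c) != NULL)
            return 0;
    }
    return 1;
}

/* Build "<proto>_<high port>-<low port><suffix>" into out.
 * Returns 0 on success, -1 if the name was truncated or is not
 * portable (hypothetical helper; one code path for every platform). */
int build_log_name(char *out, size_t outlen, const char *proto,
                   unsigned sp, unsigned dp, const char *suffix)
{
    unsigned hi = (sp >= dp) ? sp : dp;
    unsigned lo = (sp >= dp) ? dp : sp;
    int n = snprintf(out, outlen, "%s_%u-%u%s", proto, hi, lo, suffix);

    if (n < 0 || (size_t)n >= outlen)
        return -1;              /* encoding error or truncated name */
    return portable_component(out) ? 0 : -1;
}

int main(void)
{
    char name[64];

    /* constructed sample values matching the ports in the post */
    if (build_log_name(name, sizeof name, "TCP", 80, 29789, "") == 0)
        puts(name);
    return 0;
}
```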



