[Snort-devel] Removing colon from output logs

Frank Knobbe fknobbe at ...337...
Wed May 8 10:00:05 EDT 2002


Robert,

the colon is the default for the logging. Some time ago I supplied the
patch to use a _ for the Windows version. As you can see, in the #ifdef
WIN32 it uses a _, whereas otherwise it uses the colon.

If you read the source, keep in mind that #ifdef WIN32 pertains to Windows
code. So in other words, Snort has already been Windows friendly :)

Regards,
Frank


On Wed, 2002-05-08 at 10:55, Robert Wagner wrote:
> I was wondering if there was any thought for removing the colon from the
> output logs, i.e. TCP:29789-80,
> and replacing it with a more Windows-friendly character.
> 
> Typically, we pull off the files and archive them (tar - gzip).  When I pull
> them back up on Windows, I cannot extract them because the colon is an
> illegal character.  OK, maybe I am the only one that does this.
> 
> After some help from Chris, I found the spot in log.c - lines 173 and 183,
> where it appears to be defining the log file name.  This change appears to
> function OK.
> 
> This change will also allow one to remove a little extra code as I think
> both the WIN32 and regular paths are the same.
> 
> ---------------------------------------------snip from log.c - line 157 -
> changes made to lines 173, 183 only
>     /* build the log filename */
>     if(p->iph->ip_proto == IPPROTO_TCP ||
>             p->iph->ip_proto == IPPROTO_UDP)
>     {
>         if(p->frag_flag)
>         {
>             snprintf(log_file, STD_BUF, "%s/IP_FRAG%s", log_path, suffix);
>         }
>         else
>         {
>             if(p->sp >= p->dp)
>             {
> #ifdef WIN32
>                 snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
>                         protocol_names[p->iph->ip_proto], p->sp, p->dp,
> suffix);
> #else
>                 snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
> ==================>changed : to _
>                         protocol_names[p->iph->ip_proto], p->sp, p->dp,
> suffix);
> #endif
>             }
>             else
>             {
> #ifdef WIN32
>                 snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
>                         protocol_names[p->iph->ip_proto], p->dp, p->sp,
> suffix);
> #else
>                 snprintf(log_file, STD_BUF, "%s/%s_%d-%d%s", log_path,
> ==================>changed : to _
>                         protocol_names[p->iph->ip_proto], p->dp, p->sp,
> suffix);
> #endif
>             }
>         }
> 
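Review bot: in both the p->sp >= p->dp branch and its else branch, the #ifdef WIN32 and #else arms now carry the identical format string "%s/%s_%d-%d%s", so the conditionals should be removed and a single snprintf kept in each branch instead of leaving duplicated code behind. The "==================>changed : to _" marker lines sit inside the snprintf argument lists and must not end up in log.c. Because the #else arm is the non-Windows build, this also renames existing log files there (TCP:29789-80 becomes TCP_29789-80), so the change should be documented for anyone whose archive or parsing scripts match on the colon form.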
