[Snort-devel] Removing colon from output logs

Robert Wagner rwagner at ...1225...
Wed May 8 12:32:44 EDT 2002


Perhaps manage this through a snort.conf setting?

output log_style: default or windows compatible

Could I get anyone to buy off on that?

-----Original Message-----
From: tlewis at ...255... [mailto:tlewis at ...255...]
Sent: Wednesday, May 08, 2002 1:49 PM
To: Erek Adams
Cc: Robert Wagner; 'Frank Knobbe'; snort-devel at lists.sourceforge.net
Subject: RE: [Snort-devel] Removing colon from output logs


A nicer way to treat this would be to leave the default but allow people
to override the printf formatting.  E.g., instead of:

**********************************************************************
sprintf(filename, "%i:%s", ...);
**********************************************************************

do something like:

**********************************************************************
char *default_logfilename_format = "%i:%s";
char *logfilename_format = default_filename_format;

if(getopt(lfn)){
	logfilename_format* = optstring;
}

sprintf(filename, logfilename_format...);
**********************************************************************

--
Todd Lewis
tlewis at ...255...

"Bonsoir, Monet.  Work, work.  It is the most beautiful thing there is
       in the world."  -- Clemenceau

On Wed, 8 May 2002, Erek Adams wrote:

> On Wed, 8 May 2002, Robert Wagner wrote:
> 
> > I see the WIN32 section.  I am compiling and running on Linux and then
> > trying to pull the log files across to Windows for review.
> 
> Robert,
> 
> 	Ummmm....  Let's not fix 'this problem' in the releases.  :)  If you
> were on Win32 the whole way, it would work fine.  If you were on a *nix
the
> whole way it would be fine.  But what you're doing is 'changing boats in
the
> middle of a river.'
> 
> 	If thist happened, you'd break every *nix script that was written
> until it was changed.  Now, I agreee--One person, one script, no big deal.
> But with over 500k downloads and over 80% of that on *nix, that's a
disaster
> waiting to happen.
> 
> 	I suggest you patch your _local_ copy, instead of the distro.
> 
> 	Just my $0.001011  ;-)
> 
> 	Cheers!
> 
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
> 
> 
> _______________________________________________________________
> 
> Have big pipes? SourceForge.net is looking for download mirrors. We supply
> the hardware. You get the recognition. Email Us: bandwidth at ...12...
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 




More information about the Snort-devel mailing list