[Snort-devel] New feature wanted: %Y %m %d etc
elof at ...969...
Tue Dec 2 05:38:01 EST 2003
In snort.conf it would be nice to have some variables that expand to the
current time, just like the percent-conversions in strftime().
output alert_fast: snort.alert.%Y-%m-%d
would expand to:
output alert_fast: snort.alert.2003-12-02
Right now I use this workaround:
In my snort-startup script, I automaticly update the date in the file
var TIMESTAMP 2003-12-02
In snort.conf I include this file and then append the variable to the
output alert_fast: snort.alert.$TIMESTAMP
More information about the Snort-devel