[Snort-devel] New feature wanted: %Y %m %d etc

Martin Olsson elof at ...969...
Tue Dec 2 05:38:01 EST 2003


In snort.conf it would be nice to have some variables that expand to the
current time, just like the percent-conversions in strftime().

  output alert_fast: snort.alert.%Y-%m-%d
would expand to:
  output alert_fast: snort.alert.2003-12-02

Right now I use this workaround:

In my snort-startup script, I automatically update the date in the file
var TIMESTAMP 2003-12-02

In snort.conf I include this file and then append the variable to the
alert_fast filename.
include timestamp.txt
output alert_fast: snort.alert.$TIMESTAMP
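
The startup-script step of the workaround described in this message, as an added example that is not part of the original post. The file name timestamp.txt and the variable TIMESTAMP come from the message; the function name `write_timestamp_file` and its directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: regenerate the include file used by the workaround.
# write_timestamp_file and its directory argument are hypothetical names.

write_timestamp_file() {
    conf_dir=$1
    stamp=$(date +%Y-%m-%d) || return 1

    # Accept only a plain YYYY-MM-DD string, so nothing unexpected is
    # ever written into a file that snort.conf includes.
    case $stamp in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unexpected date output: $stamp" >&2; return 1 ;;
    esac

    # Write to a temporary file in the same directory and rename it, so
    # Snort never reads a half-written include file at startup.
    tmp=$(mktemp "$conf_dir/timestamp.txt.XXXXXX") || return 1
    printf 'var TIMESTAMP %s\n' "$stamp" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    mv -f "$tmp" "$conf_dir/timestamp.txt"
}
```

Call the function with the directory that holds snort.conf before launching Snort; the date in the alert file name only changes when Snort is restarted after the file is rewritten.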
