[Snort-devel] New feature wanted: %Y %m %d etc

Martin Olsson elof at ...969...
Tue Dec 2 05:38:01 EST 2003


Hi!

In snort.conf it would be nice to have some variables that expand to the
current time, just like the percent-conversions in strftime().

Example:
  output alert_fast: snort.alert.%Y-%m-%d
would expand to:
  output alert_fast: snort.alert.2003-12-02


Right now I use this workaround:

In my snort-startup script, I automatically update the date in the file
timestamp.txt:
var TIMESTAMP 2003-12-02


In snort.conf I include this file and then append the variable to the
alert_fast filename.
snort.conf:
...
...
include timestamp.txt
output alert_fast: snort.alert.$TIMESTAMP

/Martin
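
The workaround described in the message above, as an added example that is not part of the original post: a startup-script function that regenerates timestamp.txt before Snort is launched. The function name and the directory paths are assumptions; timestamp.txt and the TIMESTAMP variable come from the post.

```shell
#!/bin/sh
# Added example: regenerate the include file from the post before Snort starts.
# write_timestamp_include and the paths below are hypothetical names.

# write_timestamp_include DIR [DATE]
# Writes "var TIMESTAMP YYYY-MM-DD" to DIR/timestamp.txt.
# DATE defaults to today. Anything that is not strictly YYYY-MM-DD is rejected,
# because the value ends up inside the alert_fast log file name.
write_timestamp_include() {
    dir=$1
    stamp=${2:-$(date +%Y-%m-%d)}

    case $stamp in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "refusing timestamp: $stamp" >&2; return 1 ;;
    esac

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Write to a temp file in the same directory, then rename it into place,
    # so Snort never reads a half-written include file.
    tmp=$(mktemp "$dir/timestamp.txt.XXXXXX") || return 1
    printf 'var TIMESTAMP %s\n' "$stamp" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    mv -f "$tmp" "$dir/timestamp.txt"
}

# Typical use in a startup script (paths are assumptions):
#   write_timestamp_include /etc/snort && exec snort -c /etc/snort/snort.conf
```

Snort reads the include when it parses snort.conf, so the alert file name changes only on the next start or restart.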




