[Snort-devel] 2 tweaks-nothing big.

Glenn Larsson g.larsson at ...1782...
Wed Jan 15 12:23:06 EST 2003


Hi.

I did some minor modifications for Snort 1.9 (Win32):  I wanted a more
chronological date format for snort boxes and I have still had problems with
timestamps under Win9x systems.

1. To get chronological timestamps, I changed ("Util.c"):

    ******** BEGIN ORIGINAL CODE ************************

    if(pv.include_year)
    {
        (void) snprintf(timebuf, TIMEBUF_SIZE, 
                        "%02d/%02d/%02d-%02d:%02d:%02d.%06u ", 
                        lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100,
                        s / 3600, (s % 3600) / 60, s % 60, 
                        (u_int) tvp->tv_usec);
    }

    ** END ORIGINAL CODE ************************

    ** BEGIN NEW CODE ************************

    if(pv.include_year)
    {
        (void) snprintf(timebuf, TIMEBUF_SIZE, 
                        "2%03d%02d%02d-%02d%02d%02d.%06u ", 
                        lt->tm_year - 100, lt->tm_mon + 1, lt->tm_mday,
                        s / 3600, (s % 3600) / 60, s % 60, 
                        (u_int) tvp->tv_usec);
    } 

    ** END NEW CODE ************************


2. To get rid of that timestamp problem: (Win9X)
( http://marc.theaimsgroup.com/?l=snort-devel&m=103808040417097&w=2 )

I changed the function "ts_print()" in file "Util.c" to the following.

    ******** BEGIN ORIGINAL CODE ************************

    /* if null was passed, we use current time */
    if(!tvp)

    ** END ORIGINAL CODE ************************

    ** BEGIN NEW CODE ************************

    /* if null was passed, we use current time */
    if(1)

    ** END NEW CODE ************************

These are temporary fixes for anyone who has experienced
the same problems.

Regards,
Glenn
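
Why the reordered format sorts chronologically as plain text, shown as an added example that is not part of the original post or of Snort's code. The function names, the TIMEBUF_SIZE value and the two sample events are assumptions constructed for this illustration; only the two format strings come from the post.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TIMEBUF_SIZE 32 /* assumed size for this example */

typedef void (*fmt_fn)(char *, const struct tm *, int, unsigned);

/* Original layout quoted in the post: MM/DD/YY-HH:MM:SS.usec */
static void fmt_original(char *buf, const struct tm *lt, int s, unsigned usec)
{
    snprintf(buf, TIMEBUF_SIZE, "%02d/%02d/%02d-%02d:%02d:%02d.%06u ",
             lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100,
             s / 3600, (s % 3600) / 60, s % 60, usec);
}

/* Modified layout from the post: YYYYMMDD-HHMMSS.usec.
 * The literal '2' plus (tm_year - 100) only spells the year for 2000-2999. */
static void fmt_chrono(char *buf, const struct tm *lt, int s, unsigned usec)
{
    snprintf(buf, TIMEBUF_SIZE, "2%03d%02d%02d-%02d%02d%02d.%06u ",
             lt->tm_year - 100, lt->tm_mon + 1, lt->tm_mday,
             s / 3600, (s % 3600) / 60, s % 60, usec);
}

/* Format two constructed events that straddle New Year and compare them as
 * text. A negative result means the earlier event also sorts first. */
static int text_order(fmt_fn fmt, char *a, char *b)
{
    struct tm early = {0}, late = {0};
    early.tm_year = 102; early.tm_mon = 11; early.tm_mday = 31; /* 2002-12-31 */
    late.tm_year = 103;  late.tm_mon = 0;   late.tm_mday = 1;   /* 2003-01-01 */
    fmt(a, &early, 86399, 999999u); /* 23:59:59.999999 */
    fmt(b, &late, 1, 0u);           /* 00:00:01.000000 */
    return strcmp(a, b);
}

int main(void)
{
    char a[TIMEBUF_SIZE], b[TIMEBUF_SIZE];
    int r = text_order(fmt_original, a, b);
    printf("original: %s| %s-> %s\n", a, b, r < 0 ? "sorted" : "out of order");
    r = text_order(fmt_chrono, a, b);
    printf("modified: %s| %s-> %s\n", a, b, r < 0 ? "sorted" : "out of order");
    return 0;
}
```

With the year-first layout, a plain `sort` over alert lines or log file names preserves event order across month and year boundaries, which the month-first layout does not.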



