[Snort-devel] PATCH: Snort log in pcap format to stdout

Nick Austin n.austin at ...2024...
Thu Jun 12 10:41:13 EDT 2003



Hello all, I have produced a one-liner patch to enable you to log tcpdump 
format data to STDOUT. I needed a way to send the data to another program 
for post processing, I'm basically using snort as a layer 7 filter and 
passing the data to Argus to do real time flow analysis on it.

I'm not sure if anybody else thinks this is a good idea, or if there is a 
way to accomplish this without patching snort.

Please CC me on any replies because I am not currently subscribed to this 
list. 

Thanks!



-- 
Nick Austin
Systems Administrator 

The Fantastic Corporation®
1155 Triton Drive, Suite C
Foster City, CA 94404
United States
Tel. +1-650-356-2114 (direct)
     +1-650-356-2100 (switchboard)
Fax  +1-650-574-6901
www.fantastic.com <http://www.fantastic.com/>

diff -urN snort-2.0.0/src/output-plugins/spo_log_tcpdump.c snort-2.0.0-new/src/output-plugins/spo_log_tcpdump.c
--- snort-2.0.0/src/output-plugins/spo_log_tcpdump.c	Thu Apr  3 13:10:51 2003
+++ snort-2.0.0-new/src/output-plugins/spo_log_tcpdump.c	Tue Jun 10 16:43:21 2003
@@ -254,6 +254,8 @@
     if(data->filename[0] == '/')
         value = snprintf(logdir, STD_BUF-1, "%s.%lu", data->filename, 
                 curr_time);
+    else if(data->filename[0] == '-')
+	value = snprintf(logdir, STD_BUF-1, "%s", data->filename);
     else
         value = snprintf(logdir, STD_BUF-1, "%s/%s.%lu", pv.log_dir, 
                 data->filename, curr_time);
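Review bot: the new `else if` branch matches any filename whose first character is `-`, not just the literal `-` that is meant to denote stdout, so a configured name such as `-daily` would silently lose both the `pv.log_dir` prefix and the `.%lu` timestamp suffix that the other two branches apply; prefer an exact comparison, e.g. `else if(strcmp(data->filename, "-") == 0)`, so only the stdout sentinel takes this path. Two smaller points: the added assignment line is indented with a tab while the surrounding lines use spaces, and it would help to note in the commit message or a comment that the resulting `-` is expected to be interpreted as stdout by the code that later opens `logdir`, since that behaviour is not visible in this hunk.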

