[Snort-devel] PATCH: Snort log in pcap format to stdout

Nick Austin nick at ...2032...
Tue Jun 17 05:46:10 EDT 2003


On 12 Jun 2003, Dirk Geschke wrote:

> Hi Nick,
> 
> On Wed, 2003-06-11 at 01:52, Nick Austin wrote:
> > Hello all, I have produced a one-liner patch to enable you to log tcpdump 
> > format data to STDOUT. I needed a way to send the data to another program 
> > for post-processing. I'm basically using snort as a layer 7 filter and 
> > passing the data to Argus to do real-time flow analysis on it.
> > 
> > I'm not sure if anybody else thinks this is a good idea, or if there is a 
> > way to accomplish this without patching snort.
> 
> Usually you can write to the special file /dev/stdout to print the data
> on stdout instead of a real file.

It seems that Snort wants to append a string to the end of the file that 
you specify, so it ends up writing to /dev/stdout.<date>. Perhaps instead 
of my patch, a switch that allows you to suppress this behavior would be 
better?

> 
> Best regards
> 
> Dirk Geschke
> 
> 
> 

-- 
Nick Austin
Systems Administrator 

The Fantastic Corporation®
1155 Triton Drive, Suite C
Foster City, CA 94404
United States
Tel. +1-650-356-2114 (direct)
     +1-650-356-2100 (switchboard)
Fax  +1-650-574-6901
www.fantastic.com <http://www.fantastic.com/>
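
The filename behaviour discussed in this message, as an added example that is not part of the original post and is not Snort's code: a path builder with a switch to suppress the appended suffix, plus the 24-byte pcap global header a consumer on the other end of a pipe expects first. The function names, the `.<epoch>` suffix format, and the snaplen and linktype values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper, not Snort's code: build the capture path.
 * With add_suffix set, ".<epoch>" is appended (assumed format), which is
 * what turns /dev/stdout into a new file named /dev/stdout.<date>.
 * Returns 0 on success, -1 if the result would not fit in out. */
int build_log_path(const char *name, time_t now, int add_suffix,
                   char *out, size_t outlen)
{
    int n = add_suffix
        ? snprintf(out, outlen, "%s.%lld", name, (long long)now)
        : snprintf(out, outlen, "%s", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Classic pcap global header: 24 bytes, written in host byte order. */
struct pcap_global_hdr {
    uint32_t magic;          /* 0xa1b2c3d4 */
    uint16_t version_major;  /* 2 */
    uint16_t version_minor;  /* 4 */
    int32_t  thiszone;       /* GMT offset, normally 0 */
    uint32_t sigfigs;        /* timestamp accuracy, normally 0 */
    uint32_t snaplen;        /* max bytes captured per packet */
    uint32_t linktype;       /* 1 = Ethernet */
};

/* Write the header to an already-open stream (stdout for a pipe) and
 * flush, so the downstream reader sees it before the first packet.
 * Returns 0 on success, -1 on a short write or flush failure. */
int write_pcap_header(FILE *fp, uint32_t snaplen, uint32_t linktype)
{
    struct pcap_global_hdr h = { 0xa1b2c3d4u, 2, 4, 0, 0, snaplen, linktype };
    if (fwrite(&h, sizeof h, 1, fp) != 1)
        return -1;
    return fflush(fp) == 0 ? 0 : -1;
}

int main(void)
{
    char path[256];
    /* Suffix suppressed: the path stays /dev/stdout and can be piped. */
    if (build_log_path("/dev/stdout", time(NULL), 0, path, sizeof path) != 0)
        return 1;
    fprintf(stderr, "capture target: %s\n", path);
    return write_pcap_header(stdout, 1514, 1) == 0 ? 0 : 1;
}
```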