[Snort-devel] add micro timestamp in syslog alert output-plugins

rmkml rmkml at ...1042...
Mon Mar 24 03:43:03 EST 2003


Hi,

Add micro timestamp in spo_alert_syslog.c

with this patch.

Comments?

Regards.

PS: I use snort 191b233
-------------- next part --------------
--- src/output-plugins/spo_alert_syslog.c.ori	Mon Mar 24 12:57:09 2003
+++ src/output-plugins/spo_alert_syslog.c	Mon Mar 24 13:03:11 2003
@@ -408,6 +408,10 @@
     SyslogData *data = (SyslogData *)arg;
 
 
+    char timestamp[TIMEBUF_SIZE];
+    bzero((char *) timestamp, TIMEBUF_SIZE);
+    if (p) sprintf(timestamp, "%ld.%06ld", p->pkth->ts.tv_sec, p->pkth->ts.tv_usec);
+ 
     bzero(event_string, SYSLOG_BUF);
 
     if(p && p->iph)
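
Review bot: the added `sprintf` into `timestamp` is unbounded, and its `%ld` conversions receive `tv_sec` and `tv_usec` without casts although those fields are not `long` on every platform. Use `snprintf(timestamp, TIMEBUF_SIZE, "%ld.%06ld", (long) p->pkth->ts.tv_sec, (long) p->pkth->ts.tv_usec)`, which also matches the `snprintf` style used for `event_data`. The guard tests only `p` while the line dereferences `p->pkth`, so `if (p && p->pkth)` would be the safer condition.
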
@@ -421,7 +425,7 @@
 
         if(event != NULL)
         {
-            snprintf(event_data, STD_BUF-1, "[%lu:%lu:%lu] ", 
+            snprintf(event_data, STD_BUF-1, "%s [%lu:%lu:%lu] ", timestamp,
                     (unsigned long) event->sig_generator,
                     (unsigned long) event->sig_id, 
                     (unsigned long) event->sig_rev);
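
Review bot: the changed `snprintf` format string puts the timestamp in front of `[gid:sid:rev]` unconditionally, which alters the syslog alert line for every existing consumer that parses it. Consider making this an option of the syslog output plugin that defaults to the current format, and document the new field and its `seconds.microseconds` layout. As far as this patch shows, only the `event != NULL` path under `if(p && p->iph)` gains the timestamp; any other path that builds the alert string would need the same change to keep the output consistent.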

