[Snort-devel] RFE: improving generation of event_ref

Dirk Geschke dirk at ...972...
Fri Oct 8 04:09:02 EDT 2004


Hi Alex,

I guess the "cheapest" solution would be to start
with a preset event_id of e.g. the seconds of the
epoch up to now minus a start value like yesterday?

Of course this could result in collisions if you restart
snort and there were more alerts then 1 per second since
the last start of snort.

> 
> >Just my thoughts on the topic.
> 
> Just mine. ;-)
> 

...and this are mine...

Best regards

Dirk




More information about the Snort-devel mailing list