[Snort-devel] How to Determine time tick value

Amtul Saboor saboor.amtul at ...2499...
Fri Jun 27 05:25:44 EDT 2014


I have already posted this query but no one responded, so I am starting a new
thread:

I am running Snort on Linux BackTrack. I installed the latest version of Snort
and I am trying to make a dynamic preprocessor by modifying the sample dpx.c
file of dpx (the example preprocessor).

I am trying to count the unique source IPs arriving per second, and I also want
to do this with longer intervals; I mean I want to count unique
source IPs for every fourth second. But the time tick value can't be
determined. Here is what I am doing:


*sec = time(NULL);    t= sec-sec_ref;*



*  if(t == 1)    {*


*---- Do whats needed----*

* }*

*if(t == 4)*

* {*


*---- Do whats needed----*

* }*
But the value of "t" does not seem to increment after 1 or 2 at max.


   1. In short, I basically need to identify the current tick value,
      regardless of whether it is in seconds or milliseconds.
   2. Also, kindly let me know the format specifier for printing the value of
      time "t" at various intervals.


Please help

Kind Regards
Amtul Saboor
MS (Information Security)
Military College of Signals, National University of Science & Technology,
Rawalpindi
Pakistan
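
An added example, not part of the original message and not Snort or dpx.c code: one way to count unique source IPs per fixed window without relying on the elapsed time being exactly 1 or 4. It assumes the caller supplies each packet's timestamp in seconds and its IPv4 source as a 32-bit value; `ip_window`, `window_add` and `MAX_IPS` are hypothetical names, and the packets in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define MAX_IPS 1024                 /* assumed cap on distinct sources per window */

typedef struct {
    time_t   start;                  /* first second of the current window */
    unsigned width;                  /* window length in seconds, e.g. 1 or 4 */
    unsigned count;                  /* distinct sources seen so far */
    int      started;
    uint32_t ips[MAX_IPS];
} ip_window;

/* Record one packet. Returns the unique-source count of the window that just
 * ended when ts falls past it, otherwise -1. Windows with no packets at all
 * are skipped silently. */
int window_add(ip_window *w, time_t ts, uint32_t src)
{
    int closed = -1;
    unsigned i;
    if (!w->started) { w->start = ts; w->started = 1; }
    /* Test with >=, not ==: this runs only when a packet arrives, so the
     * elapsed time can jump straight past the window width. */
    if (ts - w->start >= (time_t)w->width) {
        closed = (int)w->count;
        w->count = 0;
        w->start += ((ts - w->start) / (time_t)w->width) * (time_t)w->width;
    }
    for (i = 0; i < w->count; i++)
        if (w->ips[i] == src) return closed;      /* already counted */
    if (w->count < MAX_IPS) w->ips[w->count++] = src;
    return closed;
}

int main(void)
{
    /* Constructed sample packets: {timestamp in seconds, source IPv4} */
    static const struct { time_t ts; uint32_t src; } pkts[] = {
        {100, 0x0a000001}, {100, 0x0a000002}, {100, 0x0a000001},
        {101, 0x0a000003}, {103, 0x0a000001}, {104, 0x0a000004}, {109, 0x0a000005},
    };
    static ip_window w4 = { .width = 4 };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        int n = window_add(&w4, pkts[i].ts, pkts[i].src);
        if (n >= 0)   /* time_t has no printf specifier of its own: cast it */
            printf("t=%lld unique=%d\n", (long long)pkts[i].ts, n);
    }
    return 0;
}
```

On the constructed packets the 4-second window reports 3 unique sources when the packet at t=104 arrives and 1 when the packet at t=109 arrives.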