[Snort-sigs] tcpdump dates

Wirth, Jeff WirthJe at ...511...
Thu May 2 08:36:30 EDT 2002


From: Jeff Undercoffer [mailto:undercoffer at ...518...]
> 
> I am using snort to process a tcpdump file.  The alert log is 
> being stamped
> with the current date and not (as I would like) the date and 
> time of the
> entry in the tcpdump file.
> 
> What switch (if any) might I use to have the date and time in 
> the alert file
> correspond with the date and time in the tcpdump file?
> 
> 

I don't believe there are any switches that would help.  If your process is
scripted and running of a *nix box you may want to consider adding something
along the lines of...

 touch -am -r <tcpdump file> <snort alert file>

 see "man touch" for more info..

- Jeff




More information about the Snort-sigs mailing list