[Snort-sigs] tcpdump dates
WirthJe at ...511...
Thu May 2 08:36:30 EDT 2002
From: Jeff Undercoffer [mailto:undercoffer at ...518...]
> I am using snort to process a tcpdump file. The alert log is being stamped
> with the current date and not (as I would like) the date and time of the
> entry in the tcpdump file.
> What switch (if any) might I use to have the date and time in the alert file
> correspond with the date and time in the tcpdump file?
I don't believe there are any switches that would help. If your process is
scripted and running on a *nix box you may want to consider adding something
along the lines of...
touch -am -r <tcpdump file> <snort alert file>
See "man touch" for more info.