[Snort-users] 1.6 look for 1.6.3

James Hoagland hoagland at ...47...
Fri Aug 11 15:42:00 EDT 2000


>if people are serious about it, it could be added of course, althrough I
>personally would like to stay away of such minor tunable things, otherwise
>we could have configure with a few dozens of `--enable-....' parameters :)

I agree.  Differences such as that will make it a little more 
difficult for automated tools to deal with as well.  SnortSnarf does 
not currently look at log files (just links to them), but could 
potentially in the future.

Doesn't matter too much to be, but FWIW, I'm partial to a blank line 
in between entries.  Easier to parse and it follows the typical 
blank-lines-separate-paragraphs format.  Snort's raw output will 
never be in the most convenient form for human consumption, so leave 
that to the user interface if there isn't agreement.

Regards,

   Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 826-7571  *|




More information about the Snort-users mailing list