[Snort-users] 1.6 look for 1.6.3
hoagland at ...47...
Fri Aug 11 15:42:00 EDT 2000
>if people are serious about it, it could be added of course, althrough I
>personally would like to stay away of such minor tunable things, otherwise
>we could have configure with a few dozens of `--enable-....' parameters :)
I agree. Differences such as that will make it a little more
difficult for automated tools to deal with as well. SnortSnarf does
not currently look at log files (just links to them), but could
potentially in the future.
Doesn't matter too much to be, but FWIW, I'm partial to a blank line
in between entries. Easier to parse and it follows the typical
blank-lines-separate-paragraphs format. Snort's raw output will
never be in the most convenient form for human consumption, so leave
that to the user interface if there isn't agreement.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* Voice: (707) 445-4355 x13 Fax: (707) 826-7571 *|
More information about the Snort-users