[Snort-users] Re: Can I watch snort's log in Color?

Fyodor fygrave at ...121...
Sat Jan 20 04:49:22 EST 2001


On Sat, Jan 20, 2001 at 01:03:21PM +0900, ls1100 wrote:
>  Can I watch snort's log in Color?
> 
> 

play with this :)

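#!/usr/bin/perl
use strict;
use warnings;

# usage: tail -f /path/to/snortlogs | ./color.pl
#

# ANSI bold foreground colour escapes; entries 8-15 repeat entries 0-7.
my @cols=(
"\x1b[1;30m",
"\x1b[1;31m",
"\x1b[1;32m",
"\x1b[1;33m",
"\x1b[1;34m",
"\x1b[1;35m",
"\x1b[1;36m",
"\x1b[1;37m",
"\x1b[1;30m",
"\x1b[1;31m",
"\x1b[1;32m",
"\x1b[1;33m",
"\x1b[1;34m",
"\x1b[1;35m",
"\x1b[1;36m",
"\x1b[1;37m");
# Reset terminal attributes after each coloured line.
my $recol="\x1b[0m";

# Unbuffered output, so each line shows up as soon as tail -f delivers it.
$|=1;

# Indices into @cols for each kind of line.
my $alertcol=9;		# red: alert lines containing [**]
my $unreachcol=10;	# green: lines starting with "** "
my $tcpcol=12;		# blue: lines mentioning TCP or Seq
my $srcdstcol=13;	# magenta: source -> destination lines

# The first matching pattern decides the colour; anything else passes through unchanged.
while(<STDIN>) {
	if (/\[\*\*\]/) {
		print $cols[$alertcol], $_, $recol;
	} elsif (/^\*\* /) {
		print $cols[$unreachcol], $_, $recol;
	} elsif (/->/) {
		print $cols[$srcdstcol], $_, $recol;
	} elsif (/TCP/ || /Seq/) {
		print $cols[$tcpcol], $_, $recol;
	} else {
		print $_;
	}
}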
		
	





