[Snort-users] spo_csv

Brian Caswell bmc at ...312...
Tue Mar 13 23:09:01 EST 2001


I finally cleaned up spo_csv enough to release it.  Attached is a diff
and spo_csv.c|h 

This plugin allows snort to output in user configurable CSV format.

Example:
	output CSV: /tmp/csv timestamp,msg,tcpflags
Produces:
	02/23-10:07:06.158422 ,TCP rule,***A****

Example:
	output CSV: /tmp/csv msg,proto,ttl,src,dst
Produces:
	UDP rule,UDP,64,192.168.2.45,192.168.2.46


Acceptable values are: 
timestamp, msg, proto, src, srcport, dst, dsport, 
ethsrc,ethdst,ethlen,tcpflags,tcpseq,tcpack,tcpln,
tcpwindow,ttl,tos,id,dgmlen,iplen,icmptype,icmpcode, 
icmpid,icmpseq

Using "output CSV: /alertfile default" will print out a default set of
values.  (The list of acceptable values in that order :P)  You must
specify an output file and configuration.  You can use multiple CSV
outputs.  

-- 
Brian Caswell
The MITRE Corporation
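The configuration and record formats described in this post, as an added example that is not part of the original post or of spo_csv itself: a small Python parser that validates an `output CSV:` line against the accepted field names and maps a logged line back to named fields. It assumes, as the examples above suggest, that spo_csv writes no header line and no quoting, so the column order is known only from the configuration.

```python
"""Parse Snort spo_csv output using the field list from its 'output CSV:' line.
Added example; not code from spo_csv or its author."""
import re

# Field names the post lists as acceptable, in the order the 'default'
# keyword is said to emit them.
CSV_FIELDS = [
    "timestamp", "msg", "proto", "src", "srcport", "dst", "dsport",
    "ethsrc", "ethdst", "ethlen", "tcpflags", "tcpseq", "tcpack", "tcpln",
    "tcpwindow", "ttl", "tos", "id", "dgmlen", "iplen", "icmptype", "icmpcode",
    "icmpid", "icmpseq",
]

# Fields we treat as integers when they look numeric (assumption: the plugin
# prints them in decimal, as the ttl value 64 in the post suggests).
NUMERIC = {"srcport", "dsport", "ethlen", "tcpln", "tcpwindow", "ttl", "tos",
           "id", "dgmlen", "iplen", "icmptype", "icmpcode", "icmpid", "icmpseq"}


def parse_config(line):
    """Return (path, fields) from 'output CSV: <file> <field,list|default>'.
    Unknown field names raise ValueError, so a typo in snort.conf is caught
    before the sensor is restarted with a misconfigured output."""
    m = re.match(r"\s*output\s+CSV:\s*(\S+)\s+(\S+)\s*$", line)
    if not m:
        raise ValueError("not an 'output CSV:' line: %r" % line)
    path, spec = m.groups()
    fields = list(CSV_FIELDS) if spec == "default" else spec.split(",")
    bad = [f for f in fields if f not in CSV_FIELDS]
    if bad:
        raise ValueError("unknown spo_csv field(s): %s" % ", ".join(bad))
    return path, fields


def parse_record(fields, line):
    """Map one spo_csv output line to a dict keyed by the configured fields.
    With no quoting, a rule msg that itself contains a comma would shift every
    later column; a column-count mismatch is therefore rejected rather than
    silently mis-attributed (e.g. a port value landing in the 'dst' field)."""
    cols = [c.strip() for c in line.rstrip("\n").split(",")]
    if len(cols) != len(fields):
        raise ValueError("expected %d columns, got %d: %r"
                         % (len(fields), len(cols), line))
    rec = dict(zip(fields, cols))
    for key in NUMERIC:
        if key in rec and rec[key].isdigit():
            rec[key] = int(rec[key])
    return rec
```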



