[Snort-users] Re: [Snort-devel] spo_csv

Martin Roesch roesch at ...421...
Mon Mar 26 19:52:46 EST 2001


This code was committed as part of last night's big CVS commit, check it
out...

    -Marty

Brian Caswell wrote:
> 
> I finally cleaned up spo_csv enough to release it.  Attached is a diff
> and spo_csv.c|h
> 
> This plugin allows snort to output in user configurable CSV format.
> 
> Example:
>         output CSV: /tmp/csv timestamp,msg,tcpflags
> Produces:
>         02/23-10:07:06.158422 ,TCP rule,***A****
> 
> Example:
>         output CSV: /tmp/csv msg,proto,ttl,src,dst
> Produces:
>         UDP rule,UDP,64,192.168.2.45,192.168.2.46
> 
> Acceptable values are:
> timestamp, msg, proto, src, srcport, dst, dsport,
> ethsrc,ethdst,ethlen,tcpflags,tcpseq,tcpack,tcpln,
> tcpwindow,ttl,tos,id,dgmlen,iplen,icmptype,icmpcode,
> icmpid,icmpseq
> 
> Using "output CSV: /alertfile default" will print out a default set of
> values.  (The list of acceptable values in that order :P)  You must
> specify output file and configuration.  You can use multiple CSV
> outputs.
> 
> --
> Brian Caswell
> The MITRE Corporation
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org
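
For anyone consuming this output downstream, the following is an added example (not part of the original messages and not code from spo_csv): it validates an "output CSV:" directive against the field list quoted above and maps each alert line back to named fields. The function names are hypothetical, and treating the file as standard CSV (quoted fields for messages containing commas) is an assumption the post does not confirm.

```python
import csv
import io

# Field names exactly as listed in the post (including its spelling "dsport").
CSV_FIELDS = [
    "timestamp", "msg", "proto", "src", "srcport", "dst", "dsport",
    "ethsrc", "ethdst", "ethlen", "tcpflags", "tcpseq", "tcpack", "tcpln",
    "tcpwindow", "ttl", "tos", "id", "dgmlen", "iplen", "icmptype",
    "icmpcode", "icmpid", "icmpseq",
]


def parse_directive(line):
    """Split 'output CSV: <file> <fields>' into (path, [field, ...])."""
    head, sep, rest = line.strip().partition(":")
    if not sep or head.split() != ["output", "CSV"]:
        raise ValueError("not an 'output CSV:' directive")
    parts = rest.split(None, 1)
    if len(parts) != 2:
        # The post says both the output file and the configuration are required.
        raise ValueError("output file and field list are both required")
    path, spec = parts
    if spec.strip() == "default":
        return path, list(CSV_FIELDS)
    fields = [f.strip() for f in spec.split(",")]
    unknown = [f for f in fields if f not in CSV_FIELDS]
    if unknown:
        raise ValueError("unknown field(s): " + ", ".join(unknown))
    return path, fields


def parse_alerts(text, fields):
    """Yield one dict per alert line, rejecting rows with the wrong column count."""
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue
        if len(row) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} columns, got {len(row)}")
        # The sample timestamp carries a trailing space before the comma; strip it.
        yield {name: value.strip() for name, value in zip(fields, row)}


# Directive and output line taken from the first example in the post.
DIRECTIVE = "output CSV: /tmp/csv timestamp,msg,tcpflags"
SAMPLE = "02/23-10:07:06.158422 ,TCP rule,***A****\n"

if __name__ == "__main__":
    path, fields = parse_directive(DIRECTIVE)
    for alert in parse_alerts(SAMPLE, fields):
        print(path, alert)
```

Because the CSV lines carry no header, the field order has to come from the directive in snort.conf; a column-count mismatch usually means the parser and the sensor configuration have drifted apart.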



