[Snort-users] named pipe output
bmh_ca at ...131...
Thu Aug 1 06:54:03 EDT 2002
Can someone give me a hint as to how I can output snort logs, in order
of preference, in unified, fast, or other format, to a named pipe?
I have a named pipe, say $LOGDIR/snort.fifo, and the only output format
that seems to work the way I want / expect is snort ... -F snort.fifo,
but it does not seem to contain the data I want. (Or does it?)
Optimally, I would use
alert_unified: filename snort.fifo
but the unified format seems adamant about tacking on the timestamp. A
way around this would be helpful.
I guess the additional question, perhaps more to the developers list,
would be: if I change the unified source code, will the new
spo_unified.o be binary compatible with other systems? (i.e. can I drop
in spo_unified.o, restart snort, and it'll work as expected) I.e., is
snort using dlsym, or is it statically linked? (Failing solutions to
the foremost questions, I will find this out on my own, but tips there
couldn't hurt :) )
Cheers & Thanks,
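A reader for the pipe described in the question, added here as an example (it is not code from the post or from the Snort project): it creates a FIFO, reads text alert lines from it and parses them into structured records. The pipe path, the sample alert lines and the writer thread that stands in for Snort are constructed for the demonstration; the line layout assumed is the one Snort 2.x's alert_fast output plugin writes (`MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src -> dst`).

```python
import os
import re
import tempfile
import threading

# One alert_fast line. Classification and Priority are optional because rules
# without a classtype omit them; ICMP lines carry no ports. (Assumed layout of
# Snort 2.x alert_fast output; IPv6 addresses are not handled here.)
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"(?:\[Priority:\s+(?P<pri>\d+)\]\s+)?"
    r"\{(?P<proto>[A-Z]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample lines standing in for what Snort would write to the pipe.
SAMPLE_ALERTS = [
    "08/01-06:54:03.123456  [**] [1:1000001:1] EXAMPLE scan probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 10.0.0.5:40123 -> 10.0.0.9:22",
    "08/01-06:54:04.000001  [**] [1:1000002:1] EXAMPLE ping sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.9",
    "this line is not an alert",
]


def _split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port); ports are absent for ICMP lines."""
    if ":" in endpoint:
        ip, port = endpoint.rsplit(":", 1)
        return ip, int(port)
    return endpoint, None


def parse_fast_line(line):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    src_ip, src_port = _split_endpoint(d["src"])
    dst_ip, dst_port = _split_endpoint(d["dst"])
    return {
        "ts": d["ts"],
        "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]),
        "msg": d["msg"],
        "classification": d["cls"],
        "priority": int(d["pri"]) if d["pri"] else None,
        "proto": d["proto"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
    }


def consume_fifo(path):
    """Open the FIFO for reading and collect parsed records until the writer closes.

    open() blocks until a writer (Snort, in the real deployment) opens the other
    end; iteration ends when the writer closes, which the reader sees as EOF.
    """
    records = []
    with open(path, "r") as fifo:
        for line in fifo:
            rec = parse_fast_line(line)
            if rec is not None:
                records.append(rec)
    return records


def demo(sample_lines=SAMPLE_ALERTS):
    """Create a FIFO, feed it the constructed sample lines from a thread that plays
    the role of Snort, and return what the reader parsed."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "snort.fifo")  # stands in for $LOGDIR/snort.fifo
    os.mkfifo(path, 0o600)  # only the owner should read alerts from the pipe

    def writer():
        with open(path, "w") as w:
            for line in sample_lines:
                w.write(line + "\n")

    t = threading.Thread(target=writer)
    t.start()
    records = consume_fifo(path)
    t.join()
    os.unlink(path)
    os.rmdir(tmpdir)
    return records


if __name__ == "__main__":
    for rec in demo():
        print(rec["sid"], rec["proto"], rec["src_ip"], "->", rec["dst_ip"], rec["msg"])
```

Two points matter when wiring this to a real sensor: start the reader before Snort, because opening a FIFO blocks until both ends are present and Snort will otherwise hang on its output plugin initialisation, and keep the reader running, since once it exits Snort's writes hit a closed pipe. A line-oriented text format such as fast suits a pipe for exactly this reason; unified's binary records and timestamped file names are designed for a file on disk that a separate process (such as barnyard) reads later.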