[Snort-users] named pipe output

Brian Hunt bmh_ca at ...131...
Thu Aug 1 06:54:03 EDT 2002


Can someone give me a hint as to how I can output snort logs, in order
of preference, in unified, fast, or other format, to a named pipe?

I have a named pipe, say $LOGDIR/snort.fifo, and the only output format
that seems to work the way I want / expect is snort ... -F snort.fifo,
but it does not seem to contain the data I want. (Or does it?)

Optimally, I would use
alert_unified: filename snort.fifo
but the unified format seems adamant about tacking on the timestamp.  A
way around this would be helpful.

I guess the additional question, perhaps more to the developers list,
would be: if I change the unified source code, will the new
spo_unified.o be binary compatible with other systems? (i.e. can I drop
in spo_unified.o, restart snort, and it'll work as expected)  I.e. is
snort using dlsym, or is it statically linked?  (Failing solutions to
the foremost questions, I will find this out on my own, but tips there
couldn't hurt :) )

Cheers & Thanks,
Brian
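Added example, not from Brian's post or from the Snort project: a consumer for the named-pipe setup he describes. It assumes snort.conf points the alert_fast plugin at the pipe by absolute path (output alert_fast: /var/log/snort/snort.fifo) and that this reader is started before snort, since a FIFO writer's open() blocks until a reader has the pipe open; the alert line in demo() is constructed for the self-check.

```shell
#!/bin/sh
# Consumer for a snort alert FIFO (added example; assumptions noted above).
# alert_fast writes one line per alert to the path given and, unlike
# alert_unified, adds no timestamp suffix to the filename, so a FIFO works.
LOGDIR="${LOGDIR:-${TMPDIR:-/tmp}/snort-fifo-demo}"
FIFO="$LOGDIR/snort.fifo"
OUT="$LOGDIR/alerts.log"

# Create the named pipe once, owner-only, so other local users cannot read alerts.
make_fifo() {
    mkdir -p "$LOGDIR"
    [ -p "$FIFO" ] || mkfifo -m 600 "$FIFO"
}

# Drain the FIFO: copy each alert line to OUT, prefixed with the time the
# consumer saw it. Returns when the writer closes the pipe (snort keeps it
# open, so in production wrap this in a loop and restart it if it exits).
drain_once() {
    while IFS= read -r line; do
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line"
    done < "$FIFO" >> "$OUT"
}

# Number of alert lines delivered so far.
count_alerts() {
    if [ -f "$OUT" ]; then wc -l < "$OUT" | tr -d ' '; else echo 0; fi
}

# Self-check: play a constructed alert_fast-style line through the pipe.
demo() {
    make_fifo
    rm -f "$OUT"
    drain_once &    # reader first, so the writer's open() does not block forever
    printf '%s\n' \
      '08/01-06:54:03.000000 [**] [1:0:0] Constructed test alert [**] 10.0.0.1 -> 10.0.0.2' \
      > "$FIFO"
    wait
    count_alerts
}
```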


