[Snort-users] format change in log names

Phil Wood cpw at ...440...
Tue Aug 20 08:02:07 EDT 2002


I've attached an unauthorized patch to spo_log_tcpdump.c which lets YOU
set the file name.

  I call snort with ... -S INSTANCE=$INSTANCE ...

  The conf file entry is set like so:

    output log_tcpdump: !$INSTANCE

and finally, I patch the snort source to honor the "bang" syntax.

On Tue, Aug 20, 2002 at 09:08:16AM -0400, JB wrote:
> 
> I have recently updated to Snort Version 1.9.0beta4 (Build 195) and have
> noticed that logging to a file now creates different file names than
> before.  My logs now look something like this:
> 
> snort.log.1029514206
> 
> as opposed to how they used to look:
> 
> snort-0815 at ...6658...
> 
> Is there a way to change this in the configuration file?  Although I can
> just open the log to see its date, the previous naming scheme helps me
> more.
> 
> Thanks,
> 
> Josh Bauman
> 
> 
> 
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>      Joshua Bauman   -  GNU Crusader
> baumanj at ...6590...      darwin at ...6591...
> 	baumanj at ...6592...
>              www.darw1n.net
>   ,           ,
>  /             \
> ((__-^^-,-^^-__))   _____
>  `-_---' `---_-'  /      \
>   `--|o` 'o|--'  |  w3rd! |
>      \  `  /      \___  _/
>       ): :(           )/
>       :o_o:
>        "-"
> 
> 
> 
> 
> 

-- 
Phil Wood, cpw at ...440...

-------------- next part --------------
diff -Naur -b snort-orig/src/output-plugins/spo_log_tcpdump.c snort/src/output-plugins/spo_log_tcpdump.c
--- snort-orig/src/output-plugins/spo_log_tcpdump.c	Mon Jul  8 13:50:37 2002
+++ snort/src/output-plugins/spo_log_tcpdump.c	Thu Aug 15 19:04:10 2002
@@ -253,9 +253,14 @@
         value = snprintf(logdir, STD_BUF-1, "%s%s.%lu", 
 			 chrootdir == NULL ? "" : chrootdir, data->filename, curr_time);
     else
+	if (data->filename[0] == '!')
+            value = snprintf(logdir, STD_BUF-1, "%s%s/%s",
+			    chrootdir == NULL ? "" : chrootdir, pv.log_dir,
+			    &data->filename[1]);
+        else
         value = snprintf(logdir, STD_BUF-1, "%s%s/%s.%lu",
-			 chrootdir == NULL ? "" : chrootdir, pv.log_dir, data->filename,
-             curr_time);
+			 chrootdir == NULL ? "" : chrootdir, pv.log_dir,
+			 data->filename, curr_time);
 
     if(value == -1)
         FatalError("ERROR: log file logging path and file name are too long, "
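Review bot: In the new `data->filename[0] == '!'` branch, `&data->filename[1]` goes into the path with no validation. A bare `!` in the config leaves only `pv.log_dir` plus a trailing slash as the file name, and a value containing `/` or `..` resolves outside `pv.log_dir`. Suggest rejecting an empty remainder and any path separator with FatalError before the snprintf. Dropping the `.%lu` timestamp also means every run with the same INSTANCE value targets the same file, so the documentation for the bang syntax should state whether an existing capture is appended to or replaced. Style: the added `if`/`else` hangs under the existing `else` without braces and mixes tab and space indentation; bracing the outer `else` would make the nesting explicit.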

