[Snort-users] Request for help in changing packet capture filenames under Snort 1.9

Matt Yackley Matt.Yackley at ...5858...
Mon Dec 2 10:50:41 EST 2002


Good day all, I would like to bring up a topic that I have yet to have seen
answered...

For those of us running snort on linux and then archiving data to a Win32
machine, the "proto:port-port" filename that is created for packet capture
files will not work for Windows.  In snort 1.8.x this was fairly simple to
change by editing a line in the log.c file then compiling, etc.  However in
snort 1.9 this has changed and I can't find out where to change this option.
I've tried posting to this list about a month ago and also to
snort-developers but no one has answered yet or have been able to find the
answer I should say.

If anyone knows the answer please let me know, and if this isn't possible
then I'll have to change the way I'm archiving this data, either way I'd
really like to move to 1.9, but would prefer to continuing archiving to
Windows (not my personal preference, just an environment thing).

Thanks in advance,
Matt




More information about the Snort-users mailing list