[Snort-users] snort log question

Martin Roesch roesch at ...1935...
Mon Jan 28 18:30:05 EST 2002


You need to write your own output plugin to do this (or you could use the
CSV output plugin).  Check the docs for writing snort rules in the
SnortUsersGuide.pdf or look through the code for spo_alert_fast.c for a
quick primer on making your own output plugin.

     -Marty

On 1/28/02 5:21 PM, "Lookman Fazal" <fazall at ...4715...> wrote:

> Hello All
> 
> I read the mailing list from front to end but could not find an answer,
> so here is the question:
> 
> I am running snort 1.8.3 on a linux 2.4.17 machine.
> 
> In my snort.conf file, all I have for now is
> 
> alert tcp any any -> any 80 (msg:"trying yahoo"; content:"yahoo";)
> 
> I am capturing packets by doing
> 
> snort -A fast -c snort.conf
> 
> It does capture the packets in /var/log/snort directory, however,
> instead of the entire output, all I want in my log is
> SIP, SPORT, DIP and DPORT and that's it.
> 
> Is there a way to have the above information in one txt file for all the
> various machines?
> 
> Your help will be greatly appreciated
> 
> --Fazal
> 
> 

-- 
Martin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
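Besides the CSV output plugin Marty mentions, the fast-alert file the poster already has can be reduced to the four fields after the fact. The script below is an added example (not Snort code and not from either poster): it parses the `{PROTO} src:sport -> dst:dport` tail that `-A fast` writes, tolerates ICMP lines with no ports, and emits one CSV with SIP,SPORT,DIP,DPORT for all hosts; the alert lines are constructed samples.

```python
import csv
import io
import re

# Matches the tail of a Snort "-A fast" alert line, e.g.
#   01/28-17:21:03.123456  [**] [1:0:0] trying yahoo [**] {TCP} 10.0.0.5:1234 -> 66.218.71.80:80
# Ports are optional so ICMP lines ("{ICMP} 10.0.0.9 -> 10.0.0.1") still parse.
FAST_RE = re.compile(
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<sip>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dip>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast_alert(line):
    """Return (sip, sport, dip, dport) for one fast-alert line, or None if the
    line is not an alert (blank lines, other noise). A missing port is ''."""
    m = FAST_RE.search(line.rstrip())
    if not m:
        return None
    return (m.group("sip"), m.group("sport") or "",
            m.group("dip"), m.group("dport") or "")

def fast_log_to_csv(lines, dedupe=False):
    """Reduce fast-alert lines to CSV text with a SIP,SPORT,DIP,DPORT header.
    dedupe=True collapses repeated 4-tuples so each conversation appears once."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["SIP", "SPORT", "DIP", "DPORT"])
    seen = set()
    for line in lines:
        rec = parse_fast_alert(line)
        if rec is None or (dedupe and rec in seen):
            continue
        seen.add(rec)
        w.writerow(rec)
    return out.getvalue()

# Constructed sample of what /var/log/snort/alert looks like with -A fast
SAMPLE_ALERT = """\
01/28-17:21:03.123456  [**] [1:0:0] trying yahoo [**] {TCP} 10.0.0.5:1234 -> 66.218.71.80:80
01/28-17:21:04.654321  [**] [1:0:0] trying yahoo [**] {TCP} 10.0.0.5:1234 -> 66.218.71.80:80
01/28-17:21:09.000001  [**] [1:0:0] trying yahoo [**] {TCP} 10.0.0.7:4455 -> 66.218.71.81:80
01/28-17:22:00.000002  [**] [1:384:2] ICMP PING [**] {ICMP} 10.0.0.9 -> 10.0.0.1
""".splitlines()

if __name__ == "__main__":
    # Read the real file with open("/var/log/snort/alert") in place of SAMPLE_ALERT
    print(fast_log_to_csv(SAMPLE_ALERT, dedupe=True), end="")
```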
