[Snort-users] Changing the filename format for alerts

Frank Knobbe fknobbe at ...652...
Fri Jun 14 11:29:04 EDT 2002


On Fri, 2002-06-14 at 10:10, McKim, Tim wrote:
> I run Snort on a Linux box and then take the /logs directory, tar it, and
> ftp it to my Windows workstation to view the logs and the alert file.
> The problem is that the file format under the IP address directory is
> TCP:xxxx-xx. Windows chokes on the :. Is there an option to change this
> format? If so, where?


Tim,

grab the source of Snort and open the file LOG.C. Find the 2nd instance
of WIN32 (I think it's still the 2nd). That IFDEF uses a _ on Windows
machines and a : on all others in the file name of the log file. Just
change the other one to a _ as well, and recompile Snort.

Or just change the filename of the log file before copying :)

Regards,
Frank
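
The second option above, renaming before copying, sketched as an added example that is not part of the original message or of Snort itself. The function name `sanitize_snort_logs` is hypothetical, and the log tree is assumed to be laid out as the thread describes (per-IP directories holding files named like TCP:xxxx-xx). It works on a copy, so the directory Snort is still writing to is left untouched.

```shell
#!/bin/sh
# Added example: build a Windows-safe copy of a Snort log tree by replacing
# ':' with '_' in file and directory names before the tree is tarred.
# Assumption: entry names contain no newline characters.

# sanitize_snort_logs SRC DST
#   Copies SRC to DST (DST must not exist yet), then renames every entry in
#   the copy whose name contains ':'.
#   Returns 0 on success, 1 on usage or copy errors, and 2 if a rename was
#   skipped because the '_' name already existed (nothing is overwritten).
sanitize_snort_logs() {
    src=$1
    dst=$2
    if [ ! -d "$src" ]; then
        echo "no such directory: $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite: $dst" >&2
        return 1
    fi
    cp -Rp "$src" "$dst" || return 1

    status=0
    list=$(mktemp) || return 1
    # -depth lists children before their parent directory, so renaming a
    # directory never invalidates a path still waiting in the list.
    find "$dst" -depth -name '*:*' > "$list"
    while IFS= read -r path; do
        dir=$(dirname "$path")
        base=$(basename "$path")
        new=$(printf '%s' "$base" | tr ':' '_')
        if [ -e "$dir/$new" ]; then
            echo "skipped (name collision): $path" >&2
            status=2
        else
            mv "$path" "$dir/$new"
        fi
    done < "$list"
    rm -f "$list"
    return $status
}
```

Run it against the log directory, then tar and transfer the copy instead of the original.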
