[Snort-users] Changing the filename format for alerts
fknobbe at ...652...
Fri Jun 14 11:29:04 EDT 2002
On Fri, 2002-06-14 at 10:10, McKim, Tim wrote:
> I run Snort on a Linux box and then take the /logs directory, tar it and
> ftp it to my Windows workstation to view the logs and the alert file.
> The problem is that the file format under the IP address directory is
> TCP:xxxx-xx. Windows chokes on the :. Is there an option to change this
> format? If so, where?
Grab the source of Snort and open the file LOG.C. Find the 2nd instance
of WIN32 (I think it's still the 2nd). That IFDEF uses a _ on Windows
machines and a : on all others in the file name of the log file. Just
change the other one to a _ as well, and recompile Snort.
Or just change the filename of the log file before copying :)
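The second suggestion in the reply (rename before copying) can be scripted. The following is an added example, not part of the original post or of Snort: the function name `stage_snort_logs` and the staging layout are hypothetical. It copies the log tree to a staging directory with `:` replaced by `_`, leaves the original logs untouched, and assumes file names contain no newlines.

```shell
#!/bin/sh
# Added example: stage a copy of a Snort log tree with ':' replaced by '_'
# in every path, so the tarball unpacks on Windows. The source tree is only
# read, never renamed, so the sensor's own logs stay as Snort wrote them.

# stage_snort_logs SRC DEST
#   SRC  - Snort log directory (per-IP subdirectories, files like TCP:1034-80)
#   DEST - new or empty staging directory that receives the renamed copy
# Returns 0 on success, 1 on a bad argument or I/O error,
# 2 if two source names map to the same name after the substitution.
stage_snort_logs() {
    _src=$1
    _dest=$2
    _rc=0
    [ -d "$_src" ] || { echo "no such directory: $_src" >&2; return 1; }
    mkdir -p "$_dest" || return 1

    # Write the file list to a temp file so the loop runs in this shell
    # and its status survives (a pipe into 'while' would run in a subshell).
    _list=$(mktemp) || return 1
    (cd "$_src" && find . -type f) > "$_list"

    while IFS= read -r _rel; do
        # Same substitution the WIN32 build applies: ':' becomes '_'.
        _safe=$(printf '%s' "$_rel" | tr ':' '_')
        # Never overwrite: "TCP:1-2" and "TCP_1-2" would collide.
        if [ -e "$_dest/$_safe" ]; then
            echo "collision: $_rel -> $_safe" >&2
            _rc=2
            break
        fi
        mkdir -p "$(dirname "$_dest/$_safe")" || { _rc=1; break; }
        # -p keeps the original timestamps on the copied log files.
        cp -p "$_src/$_rel" "$_dest/$_safe" || { _rc=1; break; }
    done < "$_list"

    rm -f "$_list"
    return "$_rc"
}

# Usage: sh stage_logs.sh /var/log/snort /tmp/snort-stage
# then:  tar -C /tmp/snort-stage -czf snort-logs.tar.gz .
if [ $# -eq 2 ]; then
    stage_snort_logs "$1" "$2"
fi
```

The collision check matters when logs from a WIN32-built sensor and a Unix-built sensor have been merged into one tree, since both spellings can then exist side by side.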