[Snort-users] Snort / SnortSnarf question about packet capture filenames

Matt Yackley Matt.Yackley at ...5858...
Wed Jun 26 06:17:02 EDT 2002


Hello all,

I run Snort & SnortSnarf on a Linux box, but would like the ability to move
the data off and be able to read it on a Windows box.  Since Windows can't
handle filenames like TCP:xxxxx-xxx, I have changed the Snort code to log
the packet capture files with TCP_xxxxx-xxx.  Now I need to get SnortSnarf
to create the proper links on the alert details page.  I'm not a programmer
or Perl scripter by any means; however, I did try a couple of changes to the
HTMLOutput.pm file, but they did not help.  The one change that I thought
would have worked was changing 'logfileprototerm' =':' to ='_'.  Any ideas
on where I need to change SnortSnarf to make this work?

Thanks,
Matt Yackley




