[Snort-users] Snort / SnortSnarf question about packet capture filenames
Matt.Yackley at ...5858...
Wed Jun 26 06:17:02 EDT 2002
I run Snort & SnortSnarf on a Linux box, but would like the ability to move
the data off and be able to read it on a Windows box. Since Windows can't
handle filenames like TCP:xxxxx-xxx, I have changed the Snort code to log
the packet capture files with TCP_xxxxx-xxx. Now I need to get SnortSnarf
to create the proper links on the alert details page. I'm not a programmer
or perl scripter by any means, however I did try a couple of changes to the
HTMLOutput.pm file, but they did not help. The one change that I thought
would have worked was changing 'logfileprototerm' =':' to ='_'. Any ideas
on where I need to change SnortSnarf to make this work?
More information about the Snort-users