[Snort-users] Changing the filename format for alerts

McKim, Tim McKim at ...5996...
Tue Oct 15 09:37:04 EDT 2002


I posted this a while ago to find out how to change this in 1.8.x. Someone
was kind enough to help me out then. Unfortunately, in 1.9 I have not been
able to find out how to change the format. So....

Here is my original message as it describes exactly what I am trying to
accomplish:

I run snort on a Linux box and then take the /logs directory, tar it, and ftp
it to my Windows workstation to view the logs and the alert file. The
problem is that the file format under the IP address directory is
TCP:xxxx-xx. Windows chokes on the :. Is there an option to change this
format? If so, where?

Thanks,

Tim



