[Snort-users] Changing the filename format for alerts

Matt Yackley Matt.Yackley at ...5858...
Tue Oct 15 12:47:06 EDT 2002


Tim, I'm in the same boat as you and won't be able to go to 1.9.0 until this
is figured out. Since I don't know much about programming, I sent the log.c
file off to a programmer I know to see if he can tell me what to change.

Time to see who is quicker, the list or my friend! :-)

Matt

-----Original Message-----
From: McKim, Tim [mailto:McKim at ...5996...]
Sent: Tuesday, October 15, 2002 11:36 AM
To: Snort-Users (E-mail)
Subject: [Snort-users] Changing the filename format for alerts


I posted this a while ago to find out how to change this in 1.8.x. Someone
was kind enough to help me out then. Unfortunately, in 1.9 I have not been
able to find out how to change the format. So....

Here is my original message as it describes exactly what I am trying to
accomplish:

I run snort on a Linux box and then take the /logs directory, tar it, and ftp
it to my Windows workstation to view the logs and the alert file. The
problem is that the file format under the IP address directory is
TCP:xxxx-xx. Windows chokes on the :. Is there an option to change this
format? If so, where?

Thanks,

Tim

