[Snort-users] Changing the filename format for alerts

Erek Adams erek at ...577...
Tue Oct 15 13:28:06 EDT 2002

On Tue, 15 Oct 2002, Matt Yackley wrote:

> Snort and SnortSnarf, one for each side of the firewall.  I run a week's
> worth of data then tar the whole html tree that snortsnarf creates and ftp
> it to a Windows machine.  Once on the Windows box the whole tree gets burned
> to a CD for storage so all I need to do is drop the CD in any PC and
> navigate through the HTML just like it was on the server.

Hrm...  Ok, I don't use snortsnarf, so this might be a silly question:  Since
'the html tree that snortsnarf creates' is built by it, isn't that what's
really giving you the issues with the filenames?  I'm not sure, so I had to
ask.  :)

> Anyway that's my messed up way of viewing and archiving data, but it works
> for me.  I ran into all kinds of issues between Snort and SnortSnarf and
> trying to use : and then try the renaming route, etc., but the best way for
> me is to just use _ instead.

Naaa....  It's not messed up.  I'd say it might be quite a bit more common
than you think.

> Your suggestion may work well for others though, thanks again for the help.

:)  Well there is a way to do it.  I'm just not sure where you'd need to edit
the code at yet.  I'll grunge thru it later on and see if I can come up with

> BTW, I'm forced to use Outlook and I love seeing your Outlook flag!

;-)  It's simple yet effective.  Besides, I hate virus propagation programs
that try to pretend to be an email client.

