[Snort-users] snort logs timestamp

Roman Danyliw roman at ...438...
Wed Apr 23 07:46:05 EDT 2003


I do not know what version of snort you are using, but in all cases this will
require a source code level change.  Look for the function ParseXmlArgs in
spo_xml.c, and find the line which looks roughly like the following:

      strftime(timebuf, 91, "%m%d@%H%M", loc_time);

Modify the strftime format string to get the desired output.  Remember to
grow/shrink the timebuf[] accordingly.

Roman

On Tue, 22 Apr 2003 13:38:07 -0700, Romildo Wildgrube <romildo at ...7643...>
wrote:

> Hi,
> 
> Does anyone know how I can change the timestamp that gets appended to the 
> log files?
> 
> I have an entry in the snort.conf file to generate xml log files as follows:
> 
> output xml: log, file=/apps/snort/var/log/snortxml-eth0 encoding=hex
> 
> and the files get created as follows:
> 
> snortxml-eth0-0409 at ...8968...
> 
> What I want to change is to have not only month and day but have month, 
> day and year before the @ sign. Any ideas how to change it?
> 
> Thanks,
> Romi
> 
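The format change discussed in this thread, as an added example that is not part of either message and is not Snort's own code: it puts the year before the @ sign, sizes the buffer from the array itself instead of a separate constant, and checks strftime's return value, which is 0 when the result does not fit. The helper names, the 16-byte timebuf and the sample time are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper: write the timestamp suffix for `t` into `out`.
 * Returns its length, or -1 if `out` is too small. strftime returns 0
 * in that case and leaves the buffer contents unspecified, so the
 * buffer is cleared before returning. */
static int format_suffix(char *out, size_t outlen, const char *fmt,
                         const struct tm *t)
{
    size_t n;
    if (outlen == 0)
        return -1;
    n = strftime(out, outlen, fmt, t);
    if (n == 0) {
        out[0] = '\0';
        return -1;
    }
    return (int)n;
}

/* Hypothetical helper: build "<base>-<suffix>" the way the log file
 * name in the question is laid out. Returns length or -1 on overflow. */
static int build_log_name(char *out, size_t outlen, const char *base,
                          const char *fmt, const struct tm *t)
{
    char timebuf[16];   /* "MMDDYYYY@HHMM" = 13 chars + NUL, small margin */
    int n;
    /* sizeof timebuf keeps the limit tied to the array if it is resized */
    if (format_suffix(timebuf, sizeof timebuf, fmt, t) < 0)
        return -1;
    n = snprintf(out, outlen, "%s-%s", base, timebuf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Constructed sample time: 9 April 2003, 13:38 */
static struct tm sample_time(void)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = 2003 - 1900; t.tm_mon = 3; t.tm_mday = 9;
    t.tm_hour = 13; t.tm_min = 38;
    return t;
}
```

Passing the array's real size matters in both directions: if timebuf[] is shrunk while a larger literal size is still passed to strftime, the call can write past the end of the array.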
