[Snort-users] Use of SSCANF to parse an SYSLOG Snort message

Luís Vitório Cargnini vitorio at ...10086...
Mon Sep 22 04:05:07 EDT 2003


Please, does someone know how I could parse a syslog message from Snort using
sscanf, or has anyone done it before?
Example:
Sep 21 03:43:22 192.168.1.7 snort: [1:384:4] ICMP PING [Classification:
Misc activity] [Priority: 3]: {ICMP} 192.168.1.210 -> 192.168.1.54

I want to parse out the data: 384, the classification text, priority, protocol,
source and destination.
Thanks && Regards.