[Snort-users] A small patch for Barnyard's op_fast.c

Edin Dizdarevic edin.dizdarevic at ...7509...
Thu Feb 3 07:30:57 EST 2005


Hi there,

I have changed a small thing in BY; maybe someone else wants it too. The
problem I had when mailing alerts with logsurfer is that the priority
was in the last line:

------------------------------------------------------------------------
01/01/01-00:00:00.000000 {TCP} 1.1.1.1:12345 -> 1.1.1.1:12345
[**] [1:234:5] Snort Alert [1:234:5] [**]
[Classification: Attempted Information Leak] [Priority: 2]
------------------------------------------------------------------------

I wanted a context to be opened only for the 1 alerts. But the
information I also want to collect and mail in the example above is
already gone. So what I actually wanted is this:

------------------------------------------------------------------------
[Classification: Unknown] [Priority: 3]
[**] [122:5:0] portscan: TCP Filtered Portscan [**]
02/03/05-16:09:15.715021 {PROTO255} 1.1.1.1 -> 1.1.1.4
------------------------------------------------------------------------

This is no big deal, I know, but it may save some time and nerves. Patch
the src/output-plugins/op_fast.c with the patch attached and enjoy.

Since I'm not a programmer at all, please don't expect the patch to be
done highly professionally, but it worked for me so it may for you... ;)

Regards,
Edin

-- 
Edin Dizdarevic
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: by_patch_op_fast.c.patch
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050203/1432eb10/attachment.ksh>
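
The reordering described in the post can also be done as a post-processing step on unpatched output. The following is an added example, not the attached patch and not Barnyard code: it assumes alert records have the three-line shape shown in the post (timestamp line, `[**]` line, `[Priority: N]` line), and the name `reorder` and the sample input are constructed for illustration.

```python
import re

# A record starts at a timestamp line and ends at its [Priority: N] line
# (assumption based on the two samples shown in the post).
TS_RE = re.compile(r"^\d{2}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+ ")
PRIO_RE = re.compile(r"\[Priority: (\d+)\]\s*$")


def reorder(lines):
    """Yield (priority, record_lines) with the Priority line moved first.

    Records that are cut short (a new timestamp arrives before a Priority
    line, or the input ends) are yielded with priority None and their lines
    in the original order, so no alert text is silently dropped.
    """
    pending = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue  # tolerate blank separator lines
        if TS_RE.match(line) and pending:
            yield None, pending  # previous record never got its Priority line
            pending = []
        pending.append(line)
        m = PRIO_RE.search(line)
        if m:
            # Reverse: classification/priority, then alert, then timestamp.
            yield int(m.group(1)), pending[::-1]
            pending = []
    if pending:
        yield None, pending


# Constructed sample: two complete records and one truncated record between them.
SAMPLE = """\
01/01/01-00:00:00.000000 {TCP} 1.1.1.1:12345 -> 1.1.1.1:12345
[**] [1:234:5] Snort Alert [1:234:5] [**]
[Classification: Attempted Information Leak] [Priority: 2]
02/03/05-16:09:15.715021 {PROTO255} 1.1.1.1 -> 1.1.1.4
[**] [122:5:0] portscan: TCP Filtered Portscan [**]
02/03/05-16:09:16.000000 {PROTO255} 1.1.1.1 -> 1.1.1.4
[**] [122:5:0] portscan: TCP Filtered Portscan [**]
[Classification: Unknown] [Priority: 3]
"""

if __name__ == "__main__":
    for prio, rec in reorder(SAMPLE.splitlines()):
        print("\n".join(rec))
```

Because each record is yielded with its parsed priority, a consumer can decide on the first line whether to open a context, which is the property the post wanted for logsurfer.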