[Snort-users] Extending CSV output plug-in
security at ...5028...
Sat Mar 1 20:52:39 EST 2008
Kamran Shafi wrote:
> Hi All,
> I am new to Snort and this is my first mail to this list so please bear with
> First - I have been trying hard for last few days to get csv plug-in work
> for me but it has not. I am on Fedora Core 7 and running Snort 2.8.1 the
> latest version. I am running Snort with the following command:
> snort -A console -i lo -c test.conf (please see the output of running this
> command at the bottom of this mail)
> I have enabled only one rules file i.e. local.rules and have some test rules
> in it.
> the entry for my csv output plug-in in the test.conf file is
> output alert_CSV: /var/log/alert.csv default
> Afterwards I generate some attack traffic and get some alerts on the
> console. (please see the output at the end of this mail).
> The problem is that the alert.csv is never created!!!
> I have tried using full mode, -h flag and few other tricks but nothing is
Perhaps it is because command line options override the config file.
> Please note that I have not installed barnyard and assume that it is not a
> must for csv module to work.
> My second question is the following:
> If I am lucky enough to configure the csv module correctly with the help of
> you gurus, then how can I extend this module to add more details about the
> packet payload to the csv output ?
> I have posted similar messages on Snort forum without any response. Any help
> is appreciated.
You will have to write the code to make packet data available in the csv.
More information about the Snort-users