[Snort-users] Filename in alert_CSV

Parker, Jonathan E. jep at ...16363...
Thu Jun 13 16:24:44 EDT 2013


I am processing multiple .pcap files using the --pcap-dir option, and have my snort.conf setup to put alerts in a csv file using alert_CSV.  After processing with Snort I load the results into a MySQL database.  I want to include the filename of the pertinent .pcap for each alert, but there does not seem to be an option for that for the csv output module.  Can anyone suggest a way to do this?

Thanks in advance - Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130613/ef40c3ec/attachment.html>


More information about the Snort-users mailing list