Re: snort log question

[Martin Roesch <roesch () sourcefire com>]

You need to write your own output plugin to do this (or you could use the
CSV output plugin).  Check the docs for writing snort rules in the
SnortUsersGuide.pdf or look through the code for spo_alert_fast.c for a
quick primer on making your own output plugin.

     -Marty

On 1/28/02 5:21 PM, "Lookman Fazal" <fazall () research avayalabs com> wrote:

> Hello All
>
> I read the mailing list from front to end but could not find an answer,
> so here is the question
>
> I am running snort 1.8.3 on a linux 2.4.17 machine.
>
> In my snort.conf file, all I have for now is
>
> alert tcp any any -> any 80 (msg:"trying yahoo"; content:"yahoo";)
>
> I am capturing packets by doing
>
> snort -A fast -c snort.conf
>
> It does capture the packets in /var/log/snort directory, however,
> instead of the entire output , all I want in my log is
> SIP, SPORT, DIP and DPORT and thats it.
>
> Is there a way to have the above information in one txt file for all the
> various machines?
>
> Your help will be greatly appreciated
>
> --Fazal
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Martin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users