Snort mailing list archives

named pipe output


From: Brian Hunt <bmh_ca () yahoo com>
Date: Thu, 1 Aug 2002 06:51:45 -0700 (PDT)

Can someone give me a hint as to how I can output snort logs, in order
of preference, in unified, fast, or other format, to a named pipe?

I have a named pipe, say $LOGDIR/snort.fifo, and the only output format
that seems to work the way I want / expect is snort ... -F snort.fifo,
but it does not seem to contain the data I want. (Or does it?)

Optimally, I would use
alert_unified: filename snort.fifo
but the unified format seems adamant about tacking on the timestamp.  A
way around this would be helpful.

I guess the additional question, perhaps more to the developers list,
would be: if I change the unified source code, will the new
spo_unified.o be binary compatible with other systems? (i.e. can I drop
in spo_unified.o, restart snort, and it'll work as expected?)  I.e. is
snort using dlsym, or is it statically linked?  (Failing solutions to
the foremost questions, I will find this out on my own, but tips there
couldn't hurt :) )

Cheers & Thanks,
Brian




