Snort mailing list archives
RE: Changing the filename format for alerts
From: Matt Yackley <Matt.Yackley () perkinswill com>
Date: Tue, 15 Oct 2002 15:02:12 -0500
Thanks Erek, but I think I tried to go that route once before and it really didn't seem to work for my situation. I think I have a bit of a funky setup.

I'm using SnortSnarf and Snort on a Linux box with 3 NICs; 2 are stealthed to watch inside and outside the firewall. I run two separate instances of Snort and SnortSnarf, one for each side of the firewall. I run a week's worth of data, then tar the whole HTML tree that SnortSnarf creates and ftp it to a Windows machine. Once on the Windows box, the whole tree gets burned to a CD for storage, so all I need to do is drop the CD in any PC and navigate through the HTML just like it was on the server.

Anyway, that's my messed up way of viewing and archiving data, but it works for me. I ran into all kinds of issues between Snort and SnortSnarf and trying to use : and then try the renaming route, etc., but the best way for me is to just use _ instead.

Your suggestion may work well for others though, thanks again for the help.

BTW, I'm forced to use Outlook and I love seeing your Outlook flag!

Matt

-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: Tuesday, October 15, 2002 2:53 PM
To: Matt Yackley
Cc: 'McKim, Tim'; Snort-Users (E-mail)
Subject: RE: [Snort-users] Changing the filename format for alerts

On Tue, 15 Oct 2002, Matt Yackley wrote:
> Tim, I'm in the same boat as you and won't be able to go to 1.9.0 until this
> is figured out. Since I don't know much about programming, I sent the log.c
> file off to a programmer I know to see if he can tell me what to change.
> Time to see who is quicker, the list or my friend! :-)

Errr... Make it simpler. Use 'mv'. :) mv then use ftp.

I'm going to assume that you're ftping from the win32 box. If so, check your ftp client for an 'auto-rename' option. IIRC, quite a few of them have that.

If you are running Snort on win32, then the code correctly names the file to something usable by win32 boxes.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net