Re: snort logs timestamp

["Roman Danyliw" <roman () danyliw com>]

I do not know what version of snort you are using, but in all cases this will
require a source code level change.  Look for the function ParseXmlArgs in
spo_xml.c, and find the line which looks roughly like the following:

      strftime(timebuf, 91, "%m%d@%H%M", loc_time);

Modify the strftime format string to get the desired output.  Remember to
grow/shrink the timebuf[] accordingly.

Roman

On Tue, 22 Apr 2003 13:38:07 -0700, Romildo Wildgrube <romildo () ragingnet com>
wrote :

> Hi,
>
> Does anyone know how can I change the timestamp that get appendet to the 
> log files?
>
> I have an entry in the snort.conf file to generate xml log files as follow:
>
> output xml: log, file=/apps/snort/var/log/snortxml-eth0 encoding=hex
>
> and the files get created as follow:
>
> snortxml-eth0-0409@0001
>
> What I want to change is to have not only month and day but have month, 
> day and year before the @ sign. Any ideas how to change it?
>
> Thanks,
> Romi
>
> -- 
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users