Snort mailing list archives
Use of SSCANF to parse an SYSLOG Snort message
From: Luís Vitório Cargnini <vitorio () digitel com br>
Date: 22 Sep 2003 08:09:00 -0300
Please, does someone know how I could parse a syslog message of Snort using sscanf, or has anyone done it before? Example:

Sep 21 03:43:22 192.168.1.7 snort: [1:384:4] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 192.168.1.210 -> 192.168.1.54

I want to parse the data: 384, the classification text, priority, protocol, source and destination.

Thanks && Regards.
Attachment:
signature.asc
Description: This is a digitally signed message part