Snort mailing list archives

Re: Syntax question


From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 06 Jan 2003 11:05:27 -0500

The naming scheme uses a filename.timestamp mechanism to ensure that every
new file has a unique filename (so you don't stomp old log files by
accident).  

If you want to get rid of the timestamp suffix on the filename, just edit it
out on lines 257 and 260 of spo_log_tcpdump.c.

     -Marty


On 1/5/03 11:07 PM, "Papa Mike" <online_puppy () yahoo ca> wrote:

--- Dustin Decker <dustind () moon-lite com> wrote:
Hello all,
I'm new to the list, and using Snort 1.9.0 (Build 209).

I'm logging to a binary file in /var/log/snort_dumps, and later replaying
them into my DB by hand using -r flag.  I'm getting ready to make this
somewhat automated, and have hit a minor snag.  I use the -L flag with
snort to indicate I wish the binary file be named based on the cheezy
variable you see displayed below:

[snippet from my shell script]
STAMP=`/bin/date +%m%d%y-%H`

/usr/sbin/snort -b -L /var/log/snort_dumps/$STAMP -i eth0 -c \
    /etc/snort/snort.conf

This is suiting my purposes quite well, with one exception.  I get file
names such as this:    010403-09.1041693435

Any recommendations on getting rid of the additional ".1041693435" portion
of the file name?

Funny.  I'm running 1.8.6 and my default tracefile naming convention is
"snort-MMdd@hhmm.log".  That's without using the '-L' switch.  When you do,
you should just specify the filename, not the path.  Give the path with the
'-l' switch.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
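
An automated replay can also leave the filename.timestamp scheme described above in place: match on the name given to -L and use the numeric suffix as the sort key. The script below is an added example, not part of this thread and not Snort code; the function names, the SNORT and CONF variables, the -c on the replay command and the file names in demo() are assumptions or constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Snort code. The file names in demo() are constructed.

# list_dumps DIR BASE
# Print "<epoch> <path>" for each regular file DIR/BASE.<epoch>, oldest first.
# Files whose last dot-separated field is not all digits (BASE.1041693435.gz,
# BASE.tmp) are skipped, so only names in the filename.timestamp form remain.
list_dumps() {
    dir=$1
    base=$2
    for f in "$dir/$base".*; do
        [ -f "$f" ] || continue            # unmatched glob, directory, etc.
        suffix=${f##*.}
        case $suffix in
            ''|*[!0-9]*) continue ;;       # suffix is not a numeric timestamp
        esac
        printf '%s %s\n' "$suffix" "$f"
    done | sort -n
}

# replay_dumps DIR BASE
# Hand every matching dump to "snort -r" in capture order. SNORT and CONF are
# overridable (assumed names); SNORT=echo previews the commands only.
replay_dumps() {
    list_dumps "$1" "$2" | while read -r _epoch path; do
        # </dev/null keeps the command from consuming the file list on stdin
        "${SNORT:-/usr/sbin/snort}" -r "$path" \
            -c "${CONF:-/etc/snort/snort.conf}" </dev/null
    done
}

# demo: build a scratch directory with constructed names and preview a replay.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/010403-09.1041693435" "$d/010403-09.1041690001" \
          "$d/010403-09.1041693435.gz" "$d/010403-10.1041697000"
    (SNORT=echo; replay_dumps "$d" 010403-09)
    rm -rf "$d"
}

demo
```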




