Snort mailing list archives

snort 2.0: is icmp type missing from syslog format?


From: Michael Scheidell <scheidell () secnap net>
Date: Mon, 5 May 2003 08:35:50 -0400 (EDT)

Is the icmp type and code missing from the snort 2.0 syslog format?
Is it that way by design?

Can I beg for it to be put in?
The 'source and destination' ports exist for tcp and udp, and for csv for
barnyard, I note, that even if the format is different (doesn't have an
ip:port), it does have the icmp code recorded (the "8,0")

"ICMP","2003-01-19 04:35:01",80.129.248.131,,xxx.xxx.xxx.xxx,,8,0,117,1,1,96335,96335


May  5 06:01:08 scanner snort: [1:499:3] ICMP Large ICMP Packet
[Classification: Potentially Bad Traffic] [Priority: 2]: <fxp1> {ICMP}
193.221.47.96 -> xxx.xxx.xxx.xxx

By looking at what was logged in mysql, I see that the ICMP  type code
is (8) Echo Request with code 0

Should not at least the 8 be recorded?
like this?

May  5 06:01:08 scanner snort: [1:499:3] ICMP Large ICMP Packet
[Classification: Potentially Bad Traffic] [Priority: 2]: <fxp1> {ICMP}
193.221.47.96:8 -> xxx.xxx.xxx.xxx:0

(i.e., record the icmp type in the 'src' (port) location and the icmp code in
the 'dest' (port) location)

note the source and dest ports exist for tcp and udp:
May  5 07:02:37 scanner snort: [1:2003:2] MS-SQL Worm propagation attempt
[Classification: Misc Attack] [Priority: 2]: <fxp1> {UDP}
203.121.69.114:2051 -> xxx.xxx.xxx.xxx:1434

-- 
Michael Scheidell
SECNAP Network Security
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
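An added example (not from the post or from Snort itself): a small parser for the syslog alert lines quoted above that accepts both the `ip:port -> ip:port` form used for TCP/UDP and the port-less ICMP form, and reads the type/code layout the poster proposes when it is present. The sample lines are constructed from the post's examples, with the masked xxx.xxx.xxx.xxx address replaced by 10.0.0.5.

```python
import re

# Constructed sample of Snort 2.0 syslog alert lines in the format quoted in
# the post (the masked xxx.xxx.xxx.xxx address is replaced with 10.0.0.5).
SAMPLE_LINES = [
    'May  5 06:01:08 scanner snort: [1:499:3] ICMP Large ICMP Packet '
    '[Classification: Potentially Bad Traffic] [Priority: 2]: <fxp1> {ICMP} '
    '193.221.47.96 -> 10.0.0.5',
    'May  5 07:02:37 scanner snort: [1:2003:2] MS-SQL Worm propagation attempt '
    '[Classification: Misc Attack] [Priority: 2]: <fxp1> {UDP} '
    '203.121.69.114:2051 -> 10.0.0.5:1434',
    # The layout the post asks for: ICMP type and code in the port positions.
    'May  5 06:01:08 scanner snort: [1:499:3] ICMP Large ICMP Packet '
    '[Classification: Potentially Bad Traffic] [Priority: 2]: <fxp1> {ICMP} '
    '193.221.47.96:8 -> 10.0.0.5:0',
]

# One pattern for both shapes: the ':port' suffixes are optional, so the
# port-less ICMP line, the TCP/UDP line and the proposed ICMP line all match.
ALERT_RE = re.compile(
    r'snort: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) '
    r'\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\]: '
    r'(?:<(?P<iface>[^>]+)> )?\{(?P<proto>\w+)\} '
    r'(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)

# A few ICMP type names from RFC 792; the post's alert is type 8, code 0.
ICMP_TYPES = {0: 'Echo Reply', 3: 'Destination Unreachable', 5: 'Redirect',
              8: 'Echo Request', 11: 'Time Exceeded'}

def parse_alert(line):
    """Parse one syslog alert line into a dict (None if it does not match).
    For {ICMP}, values in the port positions are read as type/code as the post
    proposes; when absent, icmp_type/icmp_code are None so the gap is visible."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ('gid', 'sid', 'rev', 'prio'):
        d[key] = int(d[key])
    sport, dport = d.pop('sport'), d.pop('dport')
    if d['proto'] == 'ICMP':
        d['icmp_type'] = int(sport) if sport is not None else None
        d['icmp_code'] = int(dport) if dport is not None else None
        d['icmp_name'] = ICMP_TYPES.get(d['icmp_type'])
    else:
        d['sport'] = int(sport) if sport is not None else None
        d['dport'] = int(dport) if dport is not None else None
    return d
```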

