Snort mailing list archives

Re: Is it possible to change the output format for the alert_syslog module?


From: Joel Esler <jesler () sourcefire com>
Date: Sun, 4 Aug 2013 10:22:01 -0700

Snort is open source; it sure is possible to change it.


--
Joel Esler
Sent from my iPad

On Aug 2, 2013, at 1:06 AM, Niels van Eijck <n.van.eijck () ncim nl> wrote:

Thank you, Waldo, for your reply, but that is not exactly what I'm looking for; I do not want alert logging in two
different places.
I want to log the alert with Syslog, with the message as CSV format.
For example, my Syslog log looks now something like this:

<169>1 2013-08-02T12:34:56.000000Z host snort  - -  [1:111111:1] Test Alert {UDP} x.x.x.x:111 -> y.y.y.y:222

But what I want is this:

<169>1 2013-08-02T12:34:56.000000Z host snort  - -  1,111111,1,"Test Alert",UDP,x.x.x.x,111,y.y.y.y,222


------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
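Since the thread shows no code, here is an added example (not from the thread and not Snort's own code) of doing the rewrite outside Snort, as a syslog post-processing step: it parses the alert_syslog message shape shown above and emits the CSV form asked for. It assumes IPv4 addresses and the RFC 5424 header layout from the sample; the sample lines are constructed.

```python
import re

# Alert body as alert_syslog writes it:  [gid:sid:rev] msg {PROTO} src:sport -> dst:dport
# Ports are optional so alerts for port-less protocols (e.g. ICMP) still parse.
# Assumption: IPv4 only; IPv6 would make the ":port" split ambiguous.
_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>" + _IPV4 + r")(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>" + _IPV4 + r")(?::(?P<dport>\d+))?$"
)


def alert_to_csv(line):
    """Rewrite one syslog line carrying a Snort alert into the CSV message form.

    The syslog header (everything before the alert body) is kept verbatim; only
    the message part is replaced. Raises ValueError for lines that are not
    Snort alerts so a pipeline can pass them through unchanged.
    """
    m = ALERT_RE.search(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not a Snort alert_syslog line: %r" % line)
    f = m.groupdict()
    # The rule message is free text and may contain commas or quotes, so it is
    # always quoted; RFC 4180 escapes an embedded double quote by doubling it.
    msg = '"' + f["msg"].replace('"', '""') + '"'
    fields = [f["gid"], f["sid"], f["rev"], msg, f["proto"],
              f["src"], f["sport"] or "", f["dst"], f["dport"] or ""]
    return line[:m.start()] + ",".join(fields)


def rewrite_lines(lines):
    """Convert the Snort alert lines in a syslog stream; pass everything else through."""
    for line in lines:
        try:
            yield alert_to_csv(line)
        except ValueError:
            yield line.rstrip("\r\n")


# Constructed sample input: the thread's line with documentation-range addresses,
# plus a port-less ICMP alert whose message contains a comma and quotes.
SAMPLE_LINES = [
    '<169>1 2013-08-02T12:34:56.000000Z host snort  - -  [1:111111:1] Test Alert {UDP} 192.0.2.10:111 -> 198.51.100.20:222',
    '<169>1 2013-08-02T12:34:57.000000Z host snort  - -  [1:2000:3] Ping, "odd" {ICMP} 192.0.2.10 -> 198.51.100.20',
    '<13>1 2013-08-02T12:34:58.000000Z host sshd  - -  unrelated message',
]

if __name__ == "__main__":
    for out in rewrite_lines(SAMPLE_LINES):
        print(out)
```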
