Re: Changing the filename format for alerts

[Frank Knobbe <fknobbe () knobbeits com>]

On Fri, 2002-06-14 at 10:10, McKim, Tim wrote:
> I run snort on a Linux box and then take the /logs directory tar it and
> ftp it to my Windows workstation to view the logs and the alert file.
> The problem is that the file format under the IP address directory is
> TCP:xxxx-xx. Windows chokes on the :. Is there an option to change this
> format? If so, where?


Tim,

grab the source of Snort and open the file LOG.C. Find the 2nd instance
of WIN32 (I think it's still the 2nd). That IFDEF uses a _ on Windows
machines and a : on all others in the file name of the log file. Just
change the other one to a _ as well, and recompile snort.

Or just change the filename of the log file before copying :)

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part