[Oisf-users] Changing the format of fast.log file

Abhishek Sharma abhisheksharma84 at gmail.com
Sat Jun 30 06:37:52 UTC 2012


Hi,

I was wondering if there is a way (by means of config changes) to change
the format of the fast.log file. For instance, what if I just want to output
the keyword and the IP details -

something like -

MYKEYWORD [**]  {TCP} 117.207.169.158:3142 -> 114.31.224.12:80

instead of the current -

06/29/2012-17:58:42.950346  [**] [1:90015:0] MYKEYWORD [**]
[Classification: (null)] [Priority: 5] {TCP} nnn.rrr.ttt.yyy:port ->
aaa.vvv.fff.ggg:port

Can this be done? I just want to play around with the format because I have
a log file parser that would be better off with this format. I know I can
do this "externally", say by writing a shell script, but can I do it via
Suricata itself?

Any ideas?

Abhi
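The "external" route the post mentions, written out as an added example (not from the original message or from Suricata itself): a small Python filter that parses fast.log lines of the shape quoted above and emits only the keyword plus the protocol and address tuple. The field layout is taken from the sample line in the post; the sample input below is constructed for the example, reusing the addresses the post shows. Lines that do not match the expected layout are kept aside rather than silently dropped, so a parser change upstream is noticed instead of producing gaps in the output.

```python
import re
import sys
from typing import List, NamedTuple, Optional, Tuple

# One fast.log alert per line, in the layout quoted in the post:
#   MM/DD/YYYY-HH:MM:SS.ffffff  [**] [gid:sid:rev] MSG [**]
#   [Classification: ...] [Priority: N] {PROTO} src:sport -> dst:dport
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    # Lazy host match so the last ':digits' is taken as the port (works for IPv6 too).
    r"(?P<src>\S+?):(?P<sport>\d+)\s+->\s+(?P<dst>\S+?):(?P<dport>\d+)\s*$"
)


class Alert(NamedTuple):
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_fast_log_line(line: str) -> Optional[Alert]:
    """Parse one fast.log line; return None if it does not match the layout."""
    m = FAST_LOG_RE.match(line.strip())
    if m is None:
        return None
    return Alert(
        timestamp=m["ts"],
        gid=int(m["gid"]),
        sid=int(m["sid"]),
        rev=int(m["rev"]),
        msg=m["msg"],
        classification=m["classification"],
        priority=int(m["priority"]),
        proto=m["proto"],
        src=m["src"],
        sport=int(m["sport"]),
        dst=m["dst"],
        dport=int(m["dport"]),
    )


def to_compact(alert: Alert) -> str:
    """Render the reduced shape asked for in the post: MSG [**]  {PROTO} src:port -> dst:port."""
    return (
        f"{alert.msg} [**]  {{{alert.proto}}} "
        f"{alert.src}:{alert.sport} -> {alert.dst}:{alert.dport}"
    )


def reformat_lines(lines: List[str]) -> Tuple[List[str], List[str]]:
    """Convert every parseable line; collect unparseable ones separately."""
    converted: List[str] = []
    skipped: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        alert = parse_fast_log_line(line)
        if alert is None:
            skipped.append(line.rstrip("\n"))
        else:
            converted.append(to_compact(alert))
    return converted, skipped


# Constructed sample input for the example: the post's line with its
# placeholder addresses replaced by the addresses from its desired-output line,
# plus one line that is not a fast.log alert at all.
SAMPLE_FAST_LOG = [
    "06/29/2012-17:58:42.950346  [**] [1:90015:0] MYKEYWORD [**] "
    "[Classification: (null)] [Priority: 5] {TCP} 117.207.169.158:3142 -> 114.31.224.12:80",
    "this line is not an alert and must be reported as skipped",
]


if __name__ == "__main__":
    # Usage: python fastlog_compact.py < /var/log/suricata/fast.log
    source = sys.stdin.readlines() if not sys.stdin.isatty() else SAMPLE_FAST_LOG
    out, bad = reformat_lines(source)
    print("\n".join(out))
    for line in bad:
        print(f"unparsed: {line}", file=sys.stderr)
```

Unparsed lines go to stderr so the compact output on stdout stays clean for the downstream parser while nothing is lost silently.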