[Oisf-users] Changing the format of fast.log file
Victor Julien
victor at inliniac.net
Sat Jun 30 09:18:02 UTC 2012
On 06/30/2012 08:37 AM, Abhishek Sharma wrote:
> Hi,
>
> I was wondering if there is a way (by means of config changes) to change
> the format of the fast.log file. For instance what if I just want to
> output the keyword and the IP details -
>
> something like -
>
> MYKEYWORD [**] {TCP} 117.207.169.158:3142 -> 114.31.224.12:80
>
> instead of the current -
>
> 06/29/2012-17:58:42.950346 [**] [1:90015:0] MYKEYWORD [**]
> [Classification: (null)] [Priority: 5] {TCP} nnn.rrr.ttt.yyy:port ->
> aaa.vvv.fff.ggg:port
>
> Can this be done? I just want to play around with the format because I
> have a log file parser that would be better off with this format. I know
> I can do this "externally", say by writing a shell script, but can I do
> it via Suricata itself?
>
> Any ideas?
The only way to do this right now is by changing the source code.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
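Since the answer above leaves the "external" route as the practical option, here is an added example of that route (not code from the thread or from the Suricata project): a small Python script that parses the stock fast.log line layout quoted in the question and re-emits only the rule message, protocol and endpoints. The sample log lines, the rule messages other than MYKEYWORD and the SIDs 90016/90017 are constructed for this example. The optional action tag (e.g. `[Drop]`) between the timestamp and the first `[**]`, and the bare addresses without `:port` for ICMP alerts, are assumptions about Suricata output not shown in the thread; the regex tolerates both. Lines that do not parse are returned separately instead of being silently dropped, so a reformatting step never makes an alert disappear.

```python
import re
from typing import List, Optional, Tuple

# Layout of one fast.log line as quoted in the thread:
# 06/29/2012-17:58:42.950346  [**] [1:90015:0] MYKEYWORD [**] [Classification: (null)] [Priority: 5] {TCP} a.b.c.d:port -> e.f.g.h:port
# Assumptions beyond the thread: an optional "[Drop]"-style action tag after the
# timestamp (IPS mode) and ICMP alerts whose addresses carry no ":port".
FAST_LINE = re.compile(
    r"^(?P<ts>\S+)\s+"
    r"(?:\[(?P<action>\w+)\]\s+)?"          # optional action tag, assumed
    r"\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"           # rule message (the "keyword")
    r"\[Classification:\s*(?P<cls>.*?)\]\s+"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"  # "ip:port" or bare "ip"
)


def parse_fast_line(line: str) -> Optional[dict]:
    """Return the fields of one fast.log line, or None if it is not one."""
    m = FAST_LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "pri"):
        rec[key] = int(rec[key])
    return rec


def compact(rec: dict) -> str:
    """The short format requested in the thread: MSG [**] {PROTO} src -> dst."""
    return f"{rec['msg']} [**] {{{rec['proto']}}} {rec['src']} -> {rec['dst']}"


def reformat(lines) -> Tuple[List[str], List[str]]:
    """Convert every parsable line; collect the rest so nothing is lost silently."""
    converted: List[str] = []
    unparsed: List[str] = []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        rec = parse_fast_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            converted.append(compact(rec))
    return converted, unparsed


# Constructed sample input: the first line mirrors the one quoted in the thread,
# the others are made up (SIDs 90016/90017 and their messages are not real rules).
SAMPLE_LOG = """\
06/29/2012-17:58:42.950346  [**] [1:90015:0] MYKEYWORD [**] [Classification: (null)] [Priority: 5] {TCP} 117.207.169.158:3142 -> 114.31.224.12:80
06/29/2012-17:58:43.101200  [Drop] [**] [1:90016:1] MYKEYWORD2 [**] [Classification: Test class] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.7:52311
06/29/2012-17:58:44.000001  [**] [1:90017:0] PING_TEST [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.7
this line is not a fast.log record
"""

if __name__ == "__main__":
    import sys
    ok, bad = reformat(SAMPLE_LOG.splitlines())
    for out in ok:
        print(out)
    for line in bad:
        print(f"unparsed: {line}", file=sys.stderr)
```

To run it over a live file, replace `SAMPLE_LOG.splitlines()` with an open file handle (for example `open("/var/log/suricata/fast.log")`); the parsed dict keeps the timestamp, SID and priority as well, so the same parser can feed a stricter filter than the compact format shown here.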