Snort mailing list archives
Machine-readable stream4 stats
From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Tue, 14 Aug 2001 16:50:01 +0100
This might make more sense (much easier to parse). gettimeofday would be the preferred function for filling out the start/end times - I don't think it's very cross-platform though... --- snort-1.8.1-rc2-local/spp_stream4.c Tue Aug 14 16:46:43 2001 +++ snort-1.8.1-rc2/spp_stream4.c Fri Aug 10 21:39:52 2001 @@ -2204,13 +2204,6 @@ } else if(s4data.track_stats_flag == STATS_MACHINE_READABLE) { - fprintf(session_log, "%u %u %u %u %u %u %u %u %u %u\n", - ssn->start_time, - ssn->last_session_time, - ssn->server.ip, ssn->server.port, ssn->server.pkts_sent, ssn->server.bytes_sent, - ssn->client.ip, ssn->client.port, ssn->client.pkts_sent, ssn->client.bytes_sent - ); -/* lt = localtime((time_t *) &ssn->start_time); s = (ssn->start_time + thiszone) % 86400; @@ -2234,7 +2227,6 @@ fprintf(session_log, "port: %d pkts: %u bytes: %u]\n", ssn->client.port, ssn->client.pkts_sent, ssn->client.bytes_sent); -*/ } if(ubi_trCount(RootPtr)) Regards, Phil +------------------------------------------+ | Phil Mayers | | Network & Infrastructure Group | | Information & Communication Technologies | | Imperial College | +------------------------------------------+ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Machine-readable stream4 stats Mayers, Philip J (Aug 14)