Format

    output alert_csv: [<filename> [<format> [<limit>]]]
    <format> ::= "default"|<list>
    <list> ::= <field>(,<field>)*
    <field> ::= "dst"|"src"|"ttl" ...
    <limit> ::= <number>[('G'|'M'|K')]

• filename: the name of the log file. The default name is $<$logdir$>$/alert.csv. You may specify "stdout" for terminal output. The name may include an absolute or relative path.

• format: The list of formatting options is below. If the formatting option is "default", the output is in the order of the formatting options listed.
  • timestamp
  • sig_generator
  • sig_id
  • sig_rev
  • msg
  • proto
  • src
  • srcport
  • dst
  • dstport
  • ethsrc
  • ethdst
  • ethlen
  • tcpflags
  • tcpseq
  • tcpack
  • tcplen
  • tcpwindow
  • ttl
  • tos
  • id
  • dgmlen
  • iplen
  • icmptype
  • icmpcode
  • icmpid
  • icmpseq

• limit: an optional limit on file size which defaults to 128 MB. The minimum is 1 KB. See 2.6.10 for more information.