hello,
I m using snort in logger mode.Snort also works in packet logger mode where it logs the packet into files.These files contains the information as

Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Content-Length: 375
Via: 1.1 MIT-TMG
Age: 1687
Date: Wed, 04 Jan 2012 09:08:06 GMT
Content-Type: application/vnd.google.safebrowsing-chunk
Server: Chunked Update Server
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public,max-age=172800

how do log files extract information from the packets?

The log files are not extracting anything from the packets; Snort is doing everything. What exactly are you trying to ask though? How snort captures the data? Or how it writes the needed data to the log file and the pcap files?

hi,
I want to know how it writes the needed data to the log file and the pcap files?

That's internal to snort.... That's the program itself. If you really must know, have a look at the source code

hi,
Does anyone have the source code of snort? I need it urgently....

Urgently? If you need it that bad, then you can do the "simple" thing by going online, searching for snort, and seeing that on their web page, you can download the source. Why you would go through the trouble of registering an account on LQ just to ask this question is beyond my thinking skills, as the easiest way to find out is to search using google, yahoo, etc. And why so urgent? Is this part of a homework assignment? If so, then one thing left to say..... We are here voluntarily, therefore, we are not doing your homework for you.

Thank you for understanding, and wish the best of luck to you.

Josh

snort writes it's log files by parsing the packets based on the rules for the packet type in question. you didnt say, buy my guess is your snort is connected to a ethernet network (many other types of networks to which one could parse/dissect, etc).