Snort mailing list archives
Re: Reading Unified Logs
From: Chris Green <cmg () sourcefire com>
Date: Mon, 21 Jul 2003 09:23:32 -0400
"Dusty Hall" <halljer () auburn edu> writes:
> In the past we've used tcpdump to read our archived Snort logs, but since we are now only using the unified output method this will no longer work. I'm curious to know what other people are doing. Setup: I'm using Barnyard to import into our DB so we can view the past week's alerts, but after a week we purge the DB. I'd prefer not to have to run Barnyard to convert it to a pcap file and then have to read it using tcpdump.
If you were looking for a somewhat neat programming task, write a unified input module for ethereal.

--
Chris Green <cmg () sourcefire com>
This is my signature. There are many like it but this one is mine.