Re: Snort log format?

[Frank Knobbe <frank () knobbe us>]

On Fri, 2003-10-31 at 10:19, Daniel Bartlett wrote:
> Can anyone tell me of any documents explaining the format of Snort
> logs?
>
> I specifically need a detailed description of the format of the
> "alert" log file


err.... it's in standard ASCII text format, English language,
non-escaped. About 6 lines constitute one alert, followed by a blank
line to separate the alerts visually. Each line contains one of more
values in an easy to parse format. The values are either separated by
field markers such as [ and ] or spaces. The fields in each block are
clearly marked as to what they mean (i.e. TTL, Priority, etc). 

uhm... What else is there?  

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part