Snort mailing list archives

RE: Converting ASCII logs to Unified Format


From: "Jim O'Leary" <j_oleary_langara () yahoo ca>
Date: Mon, 14 Mar 2005 08:29:58 -0800

That's right, I have several alert files in valid Snort text output. I need
to convert these alert files into Snort's unified format.
 
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Esler, Joel
CNTR/Sytex
Sent: Monday, March 14, 2005 8:25 AM
To: Jim O'Leary
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Converting ASCII logs to Unified Format



So, I am guessing that you have an alert file you want to convert?

On Mon, 2005-03-14 at 08:19 -0800, Jim O'Leary wrote:


I should clarify that I was given the Snort log files from an external
source, not from my own Snort.conf. I need to convert these text files into
unified so Barnyard can stick them into MySQL.


-----Original Message-----
From: Esler, Joel CNTR/Sytex [mailto:joel.esler () rcert-s army mil] 
Sent: Monday, March 14, 2005 8:16 AM
To: Jim O'Leary
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Converting ASCII logs to Unified Format


Unified format is completely different from the ASCII log.  I would double
check your Snort.conf settings.

J

On Sat, 2005-03-12 at 22:03 -0800, Jim O'Leary wrote:


I have Snort set up so that it outputs logs and alerts to the binary
"unified" format. I also have barnyard set up so that it reads those binary
files and sticks them into a MySQL database. 
 
The problem is, I've been given a group of Snort output files that are in
the ASCII format.  How do I convert these files to "unified" so I can get
barnyard to stick them into MySQL?
 
Thanks 


-- 
Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>         

-- 
Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>         
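Since nothing in the thread converts ASCII alerts back into the binary unified format, the practical route to the goal Jim describes (getting alerts that arrived as text into a database) is to parse the text directly and insert it with parameterized statements. The following is an added example, not code from the thread, from Snort or from Barnyard. It assumes the files are in Snort 2.x one-line `alert_fast` format (the multi-line "full" format is not handled), the sample lines are constructed, and an in-memory SQLite database stands in for MySQL so the example runs offline; for MySQL the `?` placeholders become `%s` and the DDL types change accordingly.

```python
import re
import sqlite3
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

# One line of Snort 2.x "alert_fast" output. Field layout assumed here:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**]
#   [Classification: ...] [Priority: N] {PROTO} src[:port] -> dst[:port]
# The classification block is optional and ports are absent for ICMP.
# IPv4 only; the fast format carries no year in the timestamp.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input: two alert lines and one junk line.
SAMPLE = """\
03/12-22:03:11.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
03/12-22:03:14.000123  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5
this line is not an alert and is reported as unparsed
"""


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def parse_fast_line(line: str) -> Optional[Alert]:
    """Return an Alert for one fast-format line, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Alert(
        timestamp=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"], classification=g["cls"], priority=int(g["pri"]),
        proto=g["proto"], src_ip=g["src"],
        src_port=int(g["sport"]) if g["sport"] else None,
        dst_ip=g["dst"],
        dst_port=int(g["dport"]) if g["dport"] else None,
    )


def parse_fast_text(text: str) -> Tuple[List[Alert], List[str]]:
    """Parse a whole file's text; unparsed lines are returned, not silently dropped."""
    alerts: List[Alert] = []
    rejects: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_fast_line(line)
        if alert is None:
            rejects.append(line)
        else:
            alerts.append(alert)
    return alerts, rejects


# Column order matches the Alert field order (asdict preserves it).
DDL = """CREATE TABLE IF NOT EXISTS alerts (
    timestamp TEXT, gid INTEGER, sid INTEGER, rev INTEGER, msg TEXT,
    classification TEXT, priority INTEGER, proto TEXT,
    src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER)"""
INSERT = "INSERT INTO alerts VALUES (?,?,?,?,?,?,?,?,?,?,?,?)"


def load_alerts(conn: sqlite3.Connection, alerts: List[Alert]) -> int:
    """Insert alerts with bound parameters (never string-formatted SQL); returns row count."""
    rows = [tuple(asdict(a).values()) for a in alerts]
    conn.executemany(INSERT, rows)
    conn.commit()
    return len(rows)


def demo() -> int:
    """Parse SAMPLE into an in-memory database and return the number of rows stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute(DDL)
    alerts, rejects = parse_fast_text(SAMPLE)
    stored = load_alerts(conn, alerts)
    count = conn.execute("SELECT COUNT(*) FROM alerts").fetchone()[0]
    print(f"stored {stored} alerts, {len(rejects)} unparsed line(s)")
    return count


if __name__ == "__main__":
    demo()
```

Rejected lines are returned rather than discarded so a run over a file someone else produced can be audited for lines the regex did not understand; the message text is bound as a parameter because it comes from the rule writer and the traffic, not from you.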
