Snort mailing list archives
RE: Converting ASCII logs to Unified Format
From: "Esler, Joel CNTR/Sytex" <joel.esler () rcert-s army mil>
Date: Mon, 14 Mar 2005 11:56:54 -0500
To my knowledge, you can't.

On Mon, 2005-03-14 at 08:29 -0800, Jim O'Leary wrote:

> That's right, I have several alert files in valid Snort text output. I
> need to convert these alert files into Snort's unified format.
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Esler, Joel CNTR/Sytex
> Sent: Monday, March 14, 2005 8:25 AM
> To: Jim O'Leary
> Cc: snort-users () lists sourceforge net
> Subject: RE: [Snort-users] Converting ASCII logs to Unified Format
>
> So, I am guessing that you have an alert file you want to convert?
>
> On Mon, 2005-03-14 at 08:19 -0800, Jim O'Leary wrote:
>
> > I should clarify that I was given the Snort log files from an external
> > source, not from my own Snort.conf. I need to convert these text files
> > into unified so Barnyard can stick them into MySQL.
> >
> > -----Original Message-----
> > From: Esler, Joel CNTR/Sytex [mailto:joel.esler () rcert-s army mil]
> > Sent: Monday, March 14, 2005 8:16 AM
> > To: Jim O'Leary
> > Cc: snort-users () lists sourceforge net
> > Subject: Re: [Snort-users] Converting ASCII logs to Unified Format
> >
> > Unified format is completely different from the ASCII log. I would
> > double check your Snort.conf settings.
> >
> > J
> >
> > On Sat, 2005-03-12 at 22:03 -0800, Jim O'Leary wrote:
> >
> > > I have Snort set up so that it outputs logs and alerts to the binary
> > > "unified" format. I also have barnyard set up so that it reads those
> > > binary files and sticks them into a MySQL database.
> > >
> > > The problem is, I've been given a group of Snort output files that
> > > are in the ASCII format. How do I convert these files to "unified"
> > > so I can get barnyard to stick them into MySQL?
> > >
> > > Thanks
> >
> > --
> > Esler, Joel CNTR/Sytex <joel.esler@rcert-s.army.mil>
>
> --
> Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>
-- Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>
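Editor's note: the thread ends with no converter existing. The following is an added example, not code from this thread or from the Snort or Barnyard projects, showing what a Snort ASCII alert file ("fast" one-line format and "full" multi-line format) actually carries: rule ID, message, classification, priority, timestamp, protocol and endpoints. It does not carry the raw packet that a unified log record holds, so the best one can do is parse these fields and insert them into the database directly. The sample alerts are constructed for illustration (they reference no real rules), and the `event` table is an assumed, simplified stand-in for the Barnyard/ACID MySQL schema, not that schema.

```python
"""Parse Snort ASCII "fast" and "full" alert output into records (added example)."""
import re
import sqlite3
from typing import Dict, List, Optional, Tuple

# "fast" format: one alert per line.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s+(?P<pri>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

# "full" format: one blank-line separated block per alert; each regex matches one line of it.
FULL_HEAD_RE = re.compile(
    r"^\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*$")
FULL_CLASS_RE = re.compile(
    r"^(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s*)?\[Priority:\s+(?P<pri>\d+)\]")
FULL_ADDR_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")
FULL_PROTO_RE = re.compile(r"^(?P<proto>[A-Z]+)\s+TTL:")   # e.g. "TCP TTL:64 TOS:0x0 ..."


def split_addr(addr: str) -> Tuple[str, Optional[int]]:
    """'10.0.0.1:445' -> ('10.0.0.1', 445); ICMP alerts have no port: '10.0.0.1' -> ('10.0.0.1', None)."""
    ip, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        return addr, None
    return ip, int(port)


def _record(m: Dict[str, Optional[str]]) -> Dict[str, object]:
    """Normalise matched groups into one flat record with typed fields."""
    src_ip, src_port = split_addr(m["src"])
    dst_ip, dst_port = split_addr(m["dst"])
    return {"timestamp": m["ts"], "gid": int(m["gid"]), "sid": int(m["sid"]),
            "rev": int(m["rev"]), "msg": m["msg"], "classification": m.get("cls"),
            "priority": int(m["pri"]) if m.get("pri") else None, "proto": m.get("proto"),
            "src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port}


def parse_fast(text: str) -> List[Dict[str, object]]:
    return [_record(m.groupdict()) for m in
            (FAST_RE.match(line.strip()) for line in text.splitlines()) if m]


def parse_full(text: str) -> List[Dict[str, object]]:
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields: Dict[str, Optional[str]] = {"cls": None, "pri": None, "proto": None}
        for line in block.splitlines():
            for rx in (FULL_HEAD_RE, FULL_CLASS_RE, FULL_ADDR_RE, FULL_PROTO_RE):
                m = rx.match(line.strip())
                if m:   # Seq/Ack, ICMP Type/Code and [Xref] lines match nothing and are skipped
                    fields.update({k: v for k, v in m.groupdict().items() if v is not None})
                    break
        if all(k in fields for k in ("gid", "ts", "src", "dst")):
            out.append(_record(fields))
    return out


def parse_alerts(text: str) -> List[Dict[str, object]]:
    """Auto-detect the format: try fast first, fall back to full."""
    return parse_fast(text) or parse_full(text)


def load_sqlite(records: List[Dict[str, object]]) -> int:
    """Insert records into an assumed, simplified event table (in-memory SQLite as a MySQL stand-in)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (timestamp TEXT, gid INT, sid INT, rev INT, msg TEXT, "
               "classification TEXT, priority INT, proto TEXT, src_ip TEXT, src_port INT, "
               "dst_ip TEXT, dst_port INT)")
    db.executemany("INSERT INTO event VALUES (:timestamp,:gid,:sid,:rev,:msg,:classification,"
                   ":priority,:proto,:src_ip,:src_port,:dst_ip,:dst_port)", records)
    return db.execute("SELECT COUNT(*) FROM event").fetchone()[0]


# Constructed sample data: the same two alerts as Snort would write them in each format.
SAMPLE_FAST = """\
03/12-22:03:11.123456  [**] [1:1000001:2] EXAMPLE WEB-ATTACK test probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:40321 -> 198.51.100.5:80
03/12-22:03:12.000001  [**] [1:1000002:1] EXAMPLE ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
"""
SAMPLE_FULL = """\
[**] [1:1000001:2] EXAMPLE WEB-ATTACK test probe [**]
[Classification: Web Application Attack] [Priority: 1]
03/12-22:03:11.123456 192.0.2.10:40321 -> 198.51.100.5:80
TCP TTL:64 TOS:0x0 ID:5123 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x2000  TcpLen: 40

[**] [1:1000002:1] EXAMPLE ICMP ping [**]
[Classification: Misc activity] [Priority: 3]
03/12-22:03:12.000001 192.0.2.10 -> 198.51.100.5
ICMP TTL:64 TOS:0x0 ID:5124 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1  Seq:1  ECHO
"""

if __name__ == "__main__":
    recs = parse_alerts(SAMPLE_FULL)
    print(recs == parse_alerts(SAMPLE_FAST), load_sqlite(recs))
```

Both formats reduce to the same records, which is the point: everything an alert record needs for the database is recoverable from the text, but the packet contents that a unified log file would carry are not in either ASCII form, so the parsed records are the ceiling of what can be loaded from these files.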
Current thread:
- Converting ASCII logs to Unified Format Jim O'Leary (Mar 12)
- Re: Converting ASCII logs to Unified Format Esler, Joel CNTR/Sytex (Mar 14)
- RE: Converting ASCII logs to Unified Format Jim O'Leary (Mar 14)
- RE: Converting ASCII logs to Unified Format Esler, Joel CNTR/Sytex (Mar 14)
- RE: Converting ASCII logs to Unified Format Jim O'Leary (Mar 14)
- RE: Converting ASCII logs to Unified Format Esler, Joel CNTR/Sytex (Mar 14)
- RE: Converting ASCII logs to Unified Format Jim O'Leary (Mar 14)
- Re: Converting ASCII logs to Unified Format Esler, Joel CNTR/Sytex (Mar 14)