Snort mailing list archives
Re: running snort
From: beenph <beenph () gmail com>
Date: Wed, 1 May 2013 16:57:32 -0400
On Wed, May 1, 2013 at 4:39 PM, Balla István <balla.bmf () gmail com> wrote:
> Sorry. snort.u2 is the log output format (unified2) with the appended identifier: .1234557... but why is it that snort cannot read it with ./snort -r ./log/snort.u2.12345678?
To read a unified2 file you can use:

- u2spewfoo (comes with the snort source package)
- u2boat (to extract packets from a unified2 file, also comes with the snort source package)
- snort unified perl (http://code.google.com/p/snort-unified-perl/)
- or barnyard2 (to process a unified2 file to a different output, www.github.com/firnsy/barnyard2)

-elz
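Added example, not part of the original message or of Snort's own tools: `snort -r` expects a pcap (tcpdump-format) capture, while a unified2 file is a sequence of records, each starting with a big-endian 4-byte type and 4-byte length. The Python below walks those records and pulls the raw frame out of packet records; the function names and the sample bytes are constructed for illustration, and the record type numbers are those of Snort 2.9's unified2 definitions.

```python
import struct

# Magic numbers of a classic pcap file (both byte orders).
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1"}

# Record types from Snort 2.9's unified2 definitions.
U2_TYPES = {2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
            104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN",
            110: "EXTRA_DATA"}


def walk_unified2(data):
    """Return [(type_name, body_length, frame_or_None), ...].

    Raises ValueError on pcap input or on a truncated record, which is
    common when the sensor is still writing the file.
    """
    if data[:4] in PCAP_MAGICS:
        raise ValueError("pcap capture, not unified2")
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 8:
            raise ValueError("truncated record header at offset %d" % off)
        rtype, rlen = struct.unpack_from(">II", data, off)
        body = data[off + 8:off + 8 + rlen]
        if len(body) < rlen:
            raise ValueError("truncated record body at offset %d" % off)
        frame = None
        if rtype == 2:
            # Packet record: 7 uint32 fields (sensor id, event id, event
            # second, packet second, packet microsecond, linktype,
            # packet length), then the captured frame.
            if rlen < 28:
                raise ValueError("short packet record at offset %d" % off)
            pkt_len = struct.unpack_from(">I", body, 24)[0]
            frame = body[28:28 + pkt_len]
        records.append((U2_TYPES.get(rtype, "UNKNOWN(%d)" % rtype), rlen, frame))
        off += 8 + rlen
    return records


def build_sample():
    """Constructed sample: a zero-filled event record plus a packet record."""
    frame = bytes(range(14))  # placeholder bytes standing in for a frame
    event = struct.pack(">II", 7, 52) + bytes(52)
    pkt = struct.pack(">7I", 1, 1, 1367441852, 1367441852, 0, 1, len(frame)) + frame
    return event + struct.pack(">II", 2, len(pkt)) + pkt
```
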