Snort mailing list archives
Re: Snort Alert Priority into csv output
From: "Russ Combs \(rucombs\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 21 Aug 2019 15:36:28 +0000
FYI – this can be done easily with Snort 3 if you upgrade.

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Weiss Willy via Snort-users <snort-users () lists snort org>
Reply-To: Weiss Willy <weisswilly1985 () gmail com>
Date: Tuesday, August 20, 2019 at 7:03 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Snort Alert Priority into csv output

Hello.

I am trying to make Snort output the priority of an alert into the CSV format. Until now I have managed to write the output to a CSV file with no problem, but how do I add the priority of the alert next to sig_id?

My Snort config reads:

    output alert_csv: /var/log/snort/alert.csv priority,timestamp,msg,sig_id,proto,src,srcport,dst,dstport,tcpflags,tcpack

That did not work. Then I tried Barnyard2 to produce a CSV output. This one worked as well with the same output plugin, but still no priority.

Snort config reads:

    output log_unified2: filename snort.log, limit 128

Barnyard2 config reads:

    output alert_csv: /var/log/snort/alert.csv priority,timestamp,msg,sig_id,proto,src,srcport,dst,dstport,tcpflags,tcpack

I still got the CSV, but no priority was added. Can somebody help me with this?

Willy Weiss
Security Researcher | Private Sector
phone: 07405248923
email: weisswilly1985 () gmail com
address: Wallwood Street, Bower House Flat 18
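As an added illustration of the Snort 3 route the reply points to (this is not code from the thread or from the Snort project itself): a Snort 3 Lua configuration for the alert_csv logger whose field list includes priority, alongside the Snort 2 line from the question for contrast. The field names below reflect the Snort 3 alert_csv module as I understand it; confirm them on your installed version with `snort --help-module alert_csv` before relying on the column order.

```lua
-- Snort 2 (from the question above): alert_csv has no "priority" field,
-- so this line is rejected or silently gives you no priority column:
--   output alert_csv: /var/log/snort/alert.csv priority,timestamp,msg,sig_id,...

-- Snort 3 equivalent, placed in snort.lua (or a file included from it).
-- "fields" is a space-separated list; "priority" is the rule's priority
-- (from classification.config or an explicit priority: keyword).
alert_csv =
{
    -- write to alert_csv.txt under the directory given by -l on the command line
    file = true,

    -- roll the file when it reaches this many megabytes (mirrors "limit 128")
    limit = 128,

    -- column order of the CSV; keeps the same information the Snort 2 line asked for
    fields = 'timestamp msg gid sid rev priority proto src_addr src_port dst_addr dst_port tcp_flags tcp_ack',
}
```

Run with the usual `-c snort.lua -l /var/log/snort` and the CSV lands in /var/log/snort/alert_csv.txt with priority as the sixth column; if a field name is rejected at startup, the `--help-module alert_csv` output lists the names your build actually supports.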