Snort mailing list archives

Reading Unified Logs


From: "Dusty Hall" <halljer () auburn edu>
Date: Fri, 18 Jul 2003 09:41:26 -0500


In the past we've used tcpdump to read our archived Snort logs but
since we are now only using the unified output method this will no
longer work.  I'm curious to know what other people are doing.

Setup:
I'm using Barnyard to import into our DB so we can view the past week's
alerts, but after a week we purge the DB. I'd prefer not to have to
run Barnyard to convert it to a pcap file and then have to read it using
tcpdump.

Any ideas?

Thanks,


-Dusty


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net

