Re: Reading Unified Logs

[Chris Green <cmg () sourcefire com>]

"Dusty Hall" <halljer () auburn edu> writes:

> In the past we've used tcpdump to read our archived Snort logs but
> since we are now only using the unified output method this will no
> longer work.  I'm curious to know what other people are doing.
>
> Setup:
> I'm using Barnyard to import into our DB so we can view the past weeks
> alerts.. but after a week we purge the DB.  I'd prefer not to have to
> run Barnyard to convert it to a pcap file and then have to read it using
> tcpdump.  

If you were looking for a somewhat neat programming task, write a
unified input module for ethereal.
-- 
Chris Green <cmg () sourcefire com>
This is my signature. There are many like it but this one is mine.


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users