Snort mailing list archives
AW: Program that reads unified log format natively
From: Jochen Vogel <jvogel () it-sec de>
Date: Thu, 23 Oct 2003 09:23:49 +0200
Hi Ben, use barnyard and log to a file instead of the database to see what the unified logs really write. I don't know if mudpit can write into files.
-----Original Message-----
From: Ben Nelson [mailto:lists () venom600 org]
Sent: Wednesday, October 22, 2003 03:39
To: snort-users () lists sourceforge net
Subject: [Snort-users] Program that reads unified log format natively

I'm looking for a program that will read Snort unified log format files natively and spit out (to STDOUT preferably) tcpdump-like information gleaned from these files. Anybody seen anything like that?

I'm using '-e' to log link layer characteristics of alert packets and this information doesn't seem to make it into my snort database after mudpit gets through parsing the unified log files. I rarely need this information, but if I could go back and use a program like I described to parse my archived unified log files to find link layer information after the fact, that would be very useful to me.

Thanks,
--Ben

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users