Snort mailing list archives
Re: (no subject)
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 25 Apr 2005 16:55:43 -0400
Patterson, Mike wrote:
I have received a binary snort.log file which I need to reformat to a "syslog" format in order to have my analyzer tool (i.e., SnortALog) read it. Do you have any suggestions please? Thanks!
That depends on what type of binary snort log it is. Is it a "unified" alert log, or is it a binary (tcpdump format) packet log?

If it's a tcpdump format packet capture, you read it with tcpdump -r or snort -r, but this won't help you as the file doesn't contain the alerts you need, it's just a log of the offending packets.

If it's a unified log, then use the barnyard tool to convert it to an ascii format: http://www.snort.org/dl/barnyard/
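The reply hinges on telling the two binary formats apart before picking a tool. The script below is an added example, not code from the thread or from the Snort project: it sniffs the first four bytes of a file and reports whether it is a libpcap capture (the "tcpdump format" case, readable with tcpdump -r or snort -r) or a Snort 2.x unified (v1) alert/log file (the barnyard case), and for a pcap it walks the record headers to show that the file holds packets only, no alert records. The pcap magic numbers are standard; the unified magic values are taken from Snort's spo_unified.c and are an assumption to verify against the Snort version that produced the file. The sample capture is constructed inline so the script runs offline.

```python
import struct

# Standard libpcap global-header magics (microsecond timestamps), mapped to
# the struct byte-order prefix needed to read the rest of the file.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",   # little-endian writer
    b"\xa1\xb2\xc3\xd4": ">",   # big-endian writer
}

# Snort 2.x unified (v1) file magics as defined in spo_unified.c.
# Assumption: check these against the Snort version that wrote your file;
# unified2 (later Snort releases) has no leading file magic at all.
UNIFIED_ALERT_MAGIC = 0xDEAD4137
UNIFIED_LOG_MAGIC = 0xDEAD1080


def identify(data: bytes) -> str:
    """Return 'pcap', 'unified-alert', 'unified-log' or 'unknown'."""
    head = data[:4]
    if head in PCAP_MAGICS:
        return "pcap"
    if len(head) == 4:
        for endian in ("<", ">"):          # unified files use host byte order
            (magic,) = struct.unpack(endian + "I", head)
            if magic == UNIFIED_ALERT_MAGIC:
                return "unified-alert"
            if magic == UNIFIED_LOG_MAGIC:
                return "unified-log"
    return "unknown"


def pcap_summary(data: bytes) -> dict:
    """Walk the pcap record headers and report packet count and captured bytes."""
    endian = PCAP_MAGICS[data[:4]]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    off, count, captured = 24, 0, 0
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (on the wire)
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16 + incl_len
        if off > len(data):
            raise ValueError("truncated packet record at offset %d" % (off - 16 - incl_len))
        count += 1
        captured += incl_len
    return {"version": "%d.%d" % (vmaj, vmin), "snaplen": snaplen,
            "linktype": linktype, "packets": count, "bytes": captured}


def build_sample_pcap() -> bytes:
    """Constructed sample: a little-endian pcap (Ethernet) holding two zero-filled frames."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b""
    for i, frame in enumerate((b"\x00" * 60, b"\x00" * 74)):
        body += struct.pack("<IIII", 1114400000 + i, 0, len(frame), len(frame)) + frame
    return hdr + body


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    kind = identify(data)
    print("file type:", kind)
    if kind == "pcap":
        s = pcap_summary(data)
        print("pcap v%s, %d packets, %d captured bytes" % (s["version"], s["packets"], s["bytes"]))
        print("read with: tcpdump -r FILE  or  snort -r FILE  (packets only, no alert records)")
    elif kind.startswith("unified"):
        print("Snort unified output: convert with barnyard")
    else:
        print("neither libpcap nor unified v1; it may already be text, or a unified2 file")
```

Run it as `python snortlog_type.py snort.log`; with no argument it analyses the built-in sample. Only the first 24 bytes are trusted before parsing, and a record whose declared length runs past end-of-file raises rather than silently miscounting, which is the check you want before handing an unknown file to a log analyser.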
Current thread:
- (no subject) Patterson, Mike (Apr 25)
- Re: (no subject) Paul Schmehl (Apr 26)
- Re: (no subject) Matt Kettler (Apr 26)