Snort mailing list archives

Re: RE: SnortALog error


From: jeremy.chartier () free fr
Date: Mon, 9 May 2005 17:30:34 +0200

Exactly.

You need to load the Snort alert file if you are running
Snort with the "-A fast" or "-A full" option. If you redirect Snort's
alerts to syslog with the "-s" option, you can directly load your /var/log/messages
into SnortALog.


Patterson, Mike wrote:

I have taken my original binary snort log and converted to a tcpdump text
file (thanks to the assistance of a few nice guys in this group) using the
following command:

    tcpdump -r snort.log > syslog-like.log

However, when I try to analyze the file with the SnortALog tool using the
following command, I get the error "No correct logs found.":

    cat syslog-like.log | ./snortalog.pl -r -n 30

Any suggestions?  Thanks in advance!!



As I said before, this isn't going to help you:

If it's a tcpdump format packet capture, you read it with tcpdump -r or
snort -r, but this won't help you, as the file doesn't contain the alerts
you need; it's just a log of the offending packets.
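As an added illustration of the point made in this thread (this is not SnortALog's code and not part of the original posts), the checker below tells a Snort "-A fast" alert line and a syslog "-s" alert line apart from the text that tcpdump -r prints, which carries packets but no alert. The three sample lines are constructed, and the regular expressions are loose approximations of those formats rather than the exact grammar SnortALog uses.

```python
import re
from typing import List, Optional

# Constructed sample lines (not real traffic or real alerts), one per format.
SNORT_FAST = ('05/09-17:30:34.123456 [**] [1:1000001:1] Constructed test rule [**] '
              '[Classification: Attempted Information Leak] [Priority: 2] '
              '{TCP} 10.0.0.1:1234 -> 10.0.0.2:80')
SNORT_SYSLOG = ('May  9 17:30:34 sensor snort[4242]: [1:1000001:1] Constructed test rule '
                '[Classification: Attempted Information Leak] [Priority: 2]: '
                '{TCP} 10.0.0.1:1234 -> 10.0.0.2:80')
TCPDUMP_TEXT = ('17:30:34.123456 IP 10.0.0.1.1234 > 10.0.0.2.80: S '
                '1234567890:1234567890(0) win 5840 <mss 1460>')

# Every Snort alert line carries a [gid:sid:rev] triple; tcpdump output never does.
_SID = re.compile(r'\[(\d+):(\d+):(\d+)\]')
# "-A fast" lines start with MM/DD-HH:MM:SS.usec followed by the [**] marker.
_FAST_TS = re.compile(r'^\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+\s+\[\*\*\]')
# syslog lines start with the syslog timestamp, host and the snort[pid]: tag.
_SYSLOG = re.compile(r'^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ snort\[\d+\]:')
# tcpdump text lines start with HH:MM:SS.usec and the link-layer protocol name.
_TCPDUMP = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d+ (IP|IP6|ARP) ')


def classify(line: str) -> Optional[str]:
    """Name the input format of one line, or None if it is none of the three."""
    if _FAST_TS.match(line) and _SID.search(line):
        return 'snort-fast'
    if _SYSLOG.match(line) and _SID.search(line):
        return 'snort-syslog'
    if _TCPDUMP.match(line):
        return 'tcpdump'
    return None


def alert_lines(lines: List[str]) -> List[str]:
    """Keep only the lines an alert analyzer can actually use."""
    return [l for l in lines if classify(l) in ('snort-fast', 'snort-syslog')]


def check_input(lines: List[str]) -> str:
    """Model the outcome the thread describes: a file with no alert lines is useless
    to an alert analyzer, however many packets it lists. (Assumed message text.)"""
    found = alert_lines(lines)
    if not found:
        return 'No correct logs found.'
    return '%d alert line(s) found' % len(found)
```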






-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




