Snort mailing list archives
Snort Alert Priority into csv output
From: Weiss Willy via Snort-users <snort-users () lists snort org>
Date: Tue, 20 Aug 2019 12:03:15 +0100
Hello.

I try to make Snort output the priority of an alert into the CSV format. Until now I managed to make the output into a CSV file with no problem, but how do I add the priority of the alert next to sig_id?

My Snort config reads:

    "output alert_csv: /var/log/snort/alert.csv priority,timestamp,msg,sig_id,proto,src,srcport,dst,dstport,tcpflags,tcpack"

Did not work.

Then I tried Barnyard2 to produce a CSV output. This one worked as well with the same output plugin, but still no priority.

Snort config reads:

    "output log_unified2: filename snort.log, limit 128"

Barnyard2 config reads:

    "output alert_csv: /var/log/snort/alert.csv priority,timestamp,msg,sig_id,proto,src,srcport,dst,dstport,tcpflags,tcpack"

Still I got the CSV but no priority added. Can somebody help me with this?

Willy Weiss
Security Researcher | Private Sector
phone: 07405248923
email: weisswilly1985 () gmail com
address: Wallwood Street, Bower House Flat 18
Current thread:
- Snort Alert Priority into csv output Weiss Willy via Snort-users (Aug 20)
- Re: Snort Alert Priority into csv output Russ Combs (rucombs) via Snort-users (Aug 21)