[Snort-users] Re: Can I watch snort's log in Color?

shawn . moyer shawn at ...1184...
Sat Jan 20 14:36:07 EST 2001


> On Sat, Jan 20, 2001 at 01:03:21PM +0900, ls1100 wrote:
> >  Can I watch snort's log in Color?

I also do this, using GRC. 

http://freshmeat.net/projects/genericcolouriser/homepage/


Here's my conf file for Snort Logs -- this will colorize IPFilter logs
as well.


file: /usr/local/share/grc/conf.snort

# This is for Snort and IPFilter

# IP Address
regexp=\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}
colours=bold yellow
-
# Alert Banners
regexp=\[*.+?\*]
colours=bold cyan
-
# Protocol
regexp=(TCP|UDP|tcp|udp)
colours=magenta
-
# Timestamp
regexp=\d{1,2}\/\d{1,2}\-\d{1,2}\:\d{1,2}
colours=cyan
-
# Directional arrow thingie
regexp=\->
colours=green
-
# Hostname / Port
regexp=([\w\.\-]+),(\d+)\b
colours=bold yellow
-
# Hostname / Service
regexp=([\w\.\-]+),([\w\-]+)\b
colours=bold yellow
-
# IP Filter logged drop (the standalone 'b' action flag in ipmon output)
regexp=\bb\b
colours=bold red
-
# IP Filter log date
regexp=\d{1,2}\/\d{1,2}\/\d{1,4}
colours=bold cyan
-
# IP Filter log time
regexp=\d{1,2}\:\d{1,2}\:\d{1,2}\.\d{1,6}
colours=cyan
-
# Logfile divider banners
regexp=\==>*.+?\<==
colours=bold green
-
# ***
regexp=\*\*\*
colours=bold green





-- 
s h a w n   m o y e r
shawn at ...1184...
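Added example (not grc's own code nor the poster's): a minimal grc-style colouriser that parses regexp=/colours= blocks separated by a lone "-", applies them to constructed Snort alert and ipmon (IPFilter) lines, and wraps each match in ANSI escape codes. The embedded conf is a trimmed subset of the one above, with the banner rule anchored on the literal "[**]" markers and the block flag matched as a standalone "b"; the conf syntax and sample lines are assumptions.

```python
import re
# Constructed grc-style conf (subset of the post's rules; the banner rule is
# anchored on literal "[**]" and the IPFilter block flag is a standalone "b").
# Assumed syntax: "regexp="/"colours=" lines, blocks separated by a lone "-".
CONF = r"""
# Snort alert banner
regexp=\[\*\*\].+?\[\*\*\]
colours=bold cyan
-
regexp=\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}
colours=bold yellow
-
# IPFilter logged block: the standalone 'b' action flag
regexp=\bb\b
colours=bold red
-
regexp=[\w.\-]+,\d+\b
colours=bold yellow
"""
ANSI = {"bold": "1", "red": "31", "green": "32", "yellow": "33", "cyan": "36"}
SNORT = ("01/20-13:03:21.123456 [**] [1:1234:1] WEB-MISC example probe [**] "
         "{TCP} 192.0.2.10:4444 -> 198.51.100.5:80")  # constructed Snort line
IPF = ("20/01/2001 13:03:21.123456 fxp0 @0:1 b 192.0.2.10,4444 -> "
       "198.51.100.5,80 PR tcp len 20 60 -S IN")  # constructed ipmon line

def parse_conf(text):
    """Return [(compiled_regex, colour_spec)] for each '-'-separated block."""
    rules = []
    for block in re.split(r"^-$", text, flags=re.M):
        kv = dict(re.findall(r"^(regexp|colours)=(.*)$", block, flags=re.M))
        if "regexp" in kv and "colours" in kv:
            rules.append((re.compile(kv["regexp"]), kv["colours"].strip()))
    return rules

def spans(line, rules):
    """(start, end, colour) per match; earlier rules win on overlap."""
    found = []
    for rx, colour in rules:
        for m in rx.finditer(line):
            if not any(m.start() < e and s < m.end() for s, e, _ in found):
                found.append((m.start(), m.end(), colour))
    return sorted(found)

def colourise(line, rules):
    """Wrap each span in SGR codes, e.g. 'bold red' -> ESC[1;31m ... ESC[0m."""
    out, pos = [], 0
    for start, end, colour in spans(line, rules):
        sgr = ";".join(ANSI[w] for w in colour.split())
        out.append(line[pos:start] + f"\x1b[{sgr}m{line[start:end]}\x1b[0m")
        pos = end
    return "".join(out) + line[pos:]
```

Piping a log through `colourise` line by line reproduces what grc does with the conf; the blocked-packet flag lights up in bold red while the rest of the ipmon line stays plain.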