[Snort-users] unified code?

Andrew R. Baker andrewb at ...950...
Fri Jul 12 14:06:02 EDT 2002


smith wrote:
>  hi everybody,
> 
> i am new in using snort and i dont really understand waht is unified
 > code and what is its importance compared to tcpdump and how to view
 > it ,the text editor gives strange code
> thanx in advance. 


The unified output system is designed to output both alerts and packet 
logs into a unified file for processing by a seperate utility.  Barnyard 
has been developed by the Snort team to process this file.  If you want 
to know more about the record format, have a look at spo_unified.c in 
the Snort source distribution.

-A





More information about the Snort-users mailing list