[Snort-users] unified code?
Andrew R. Baker
andrewb at ...950...
Fri Jul 12 14:06:02 EDT 2002
> hi everybody,
> I am new in using snort and I don't really understand what is unified
> code and what is its importance compared to tcpdump and how to view
> it, the text editor gives strange code
> thanks in advance.
The unified output system is designed to output both alerts and packet
logs into a unified file for processing by a separate utility. Barnyard
has been developed by the Snort team to process this file. If you want
to know more about the record format, have a look at spo_unified.c in
the Snort source distribution.