[Snort-users] CSV Output problems...
ichinin at ...5794...
Thu May 23 16:45:02 EDT 2002
I have a question regarding Snort's CSV output.
I'm using the following line with CSV:
output CSV: CSV.txt default
in comparison with standard output.
"dstport" reports ""
"tcplen" reports ""
Here is a sample line: (Lines wrapped)
05/24/02-00:55:17.468971 ,SHELLCODE x86 NOOP,TCP,
You can clearly see that after [dst] ("192.168.1.35"),
the [dstport] is "" and after [tcpack] ("0x635F50"),
tcplen is "".
I now tried using the entire parameter set: (lines...)
output CSV: CSV.txt timestamp, msg, proto, src, srcport,
dst, dstport, ethsrc, ethdst, ethlen, tcpflags, tcpseq,
tcpack, tcplen, tcpwindow, ttl, tos, id, dgmlen, iplen,
icmptype, icmpcode, icmpid, icmpseq
All I got was records like this:
Is there some other way to dump info from snort (in a
reliable way), or do I have to continue to use the
default output format? Also, does CSV output work
properly under Linux?
Config: Snort 1.8.5 (Win32)
NT Srv 4.0 (x86, SP5)
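
The symptom described in the post (empty "dstport" and "tcplen" columns on a TCP alert) can be checked mechanically across a whole CSV alert file. The following is an added example, not part of the original post and not Snort code: it uses the field order from the post's "output CSV:" line, while the protocol-to-field mapping, the function name audit_line and every sample value other than the timestamp, message, destination address and tcpack quoted in the post are assumptions.

```python
import csv
import io

# Field order copied from the full "output CSV:" line in the post.
FIELDS = [
    "timestamp", "msg", "proto", "src", "srcport", "dst", "dstport",
    "ethsrc", "ethdst", "ethlen", "tcpflags", "tcpseq", "tcpack", "tcplen",
    "tcpwindow", "ttl", "tos", "id", "dgmlen", "iplen",
    "icmptype", "icmpcode", "icmpid", "icmpseq",
]

# Assumption: these fields only carry a value for the named protocol,
# so an empty ICMP column on a TCP alert is normal, an empty dstport is not.
PROTO_ONLY = {
    "TCP": {"srcport", "dstport", "tcpflags", "tcpseq", "tcpack",
            "tcplen", "tcpwindow"},
    "UDP": {"srcport", "dstport"},
    "ICMP": {"icmptype", "icmpcode", "icmpid", "icmpseq"},
}
ALL_PROTO_FIELDS = set().union(*PROTO_ONLY.values())


def audit_line(line, fields=FIELDS):
    """Return (record, unexpectedly_empty_fields) for one CSV alert line."""
    row = next(csv.reader(io.StringIO(line)))
    if len(row) != len(fields):
        raise ValueError(f"expected {len(fields)} columns, got {len(row)}")
    record = dict(zip(fields, (value.strip() for value in row)))
    applicable = PROTO_ONLY.get(record["proto"].upper(), set())
    missing = [
        name for name in fields
        if record[name] == ""
        and (name not in ALL_PROTO_FIELDS or name in applicable)
    ]
    return record, missing


# Constructed sample line reproducing the reported symptom.
SAMPLE = ("05/24/02-00:55:17.468971 ,SHELLCODE x86 NOOP,TCP,192.168.1.20,"
          "1045,192.168.1.35,,0:10:A4:0:0:1,0:10:A4:0:0:2,0x3C,***AP***,"
          "0x1A2B3C,0x635F50,,0x2238,128,0,4711,40,20,,,,")

if __name__ == "__main__":
    record, missing = audit_line(SAMPLE)
    print(record["timestamp"], record["msg"], "empty fields:", missing)
```
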