[Snort-users] Snort ouput format

Michael L. Artz dragon at ...8731...
Thu Apr 3 18:54:57 EST 2003


Is there any documentation on the format that snort uses when writing 
the alert file in "full" IDS mode?  I am trying to write a parser for 
the alerts, and it would be useful to know.

I understand that each line is (generally) a separate layer in the 
packet, but things like RB=ip reserved bit set, and how fragementation 
is output would be useful.

Thanks
-Mike





More information about the Snort-users mailing list