[Snort-users] Snort output format
Michael L. Artz
dragon at ...8731...
Thu Apr 3 18:54:57 EST 2003
Is there any documentation on the format that snort uses when writing
the alert file in "full" IDS mode? I am trying to write a parser for
the alerts, and it would be useful to know.
I understand that each line is (generally) a separate layer in the
packet, but things like RB=ip reserved bit set, and how fragmentation
is output would be useful.