[Snort-users] Reading Unified Logs

Dusty Hall halljer at ...8709...
Fri Jul 18 07:42:15 EDT 2003


In the past we've used tcpdump to read our archived Snort logs but
since we are now only using the unified output method this will no
longer work.  I'm curious to know what other people are doing.

Setup:
I'm using Barnyard to import into our DB so we can view the past week's
alerts, but after a week we purge the DB.  I'd prefer not to have to
run Barnyard to convert it to a pcap file and then have to read it using
tcpdump.

Any ideas?

Thanks,


-Dusty
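One way to read the archived files directly, as an added example that is not part of the original post and not Snort's or Barnyard's own code: walk the unified file, print the alert records, and write the packet records back out as a pcap that tcpdump can read, with no database in the loop. The example assumes the later unified2 record layout (4-byte big-endian type/length header, the documented Unified2_IDSEvent and Unified2_Packet structures); the original unified format the 2003 post refers to has a different layout, so the struct definitions would need to change for it. The sample input is constructed inline.

```python
import struct
import io
import socket

# Unified2 record types, as documented for Snort's unified2 output plugin.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Every record starts with a 4-byte type and 4-byte length, big-endian.
RECORD_HDR = struct.Struct(">II")
# Unified2_IDSEvent (type 7): nine u32 ids/counters, source and destination
# IPv4 addresses, source/destination ports, then four u8 flag fields.
IDS_EVENT = struct.Struct(">IIIIIIIIIIIHHBBBB")
# Unified2_Packet (type 2): sensor_id, event_id, event_second,
# packet_second, packet_microsecond, linktype, packet_length, then the bytes.
PACKET_HDR = struct.Struct(">IIIIIII")


def iter_records(data):
    """Yield (record_type, body) for each complete record in a unified2 stream."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + rlen > len(data):
            break  # partial trailing record: Snort may still be writing it
        yield rtype, data[off:off + rlen]
        off += rlen


def parse_ids_event(body):
    """Decode a type-7 event record into a dict of the fields worth reporting."""
    f = IDS_EVENT.unpack_from(body, 0)
    return {
        "sensor_id": f[0], "event_id": f[1], "event_second": f[2],
        "signature_id": f[4], "generator_id": f[5], "signature_revision": f[6],
        "classification_id": f[7], "priority_id": f[8],
        "src": socket.inet_ntoa(struct.pack(">I", f[9])),
        "dst": socket.inet_ntoa(struct.pack(">I", f[10])),
        "sport": f[11], "dport": f[12], "protocol": f[13],
    }


def parse_packet(body):
    """Decode a type-2 packet record; the captured bytes follow the fixed header."""
    (sensor_id, event_id, event_second, pkt_sec, pkt_usec,
     linktype, pkt_len) = PACKET_HDR.unpack_from(body, 0)
    pkt = body[PACKET_HDR.size:PACKET_HDR.size + pkt_len]
    if len(pkt) != pkt_len:
        raise ValueError("packet record shorter than its packet_length")
    return {"event_id": event_id, "sec": pkt_sec, "usec": pkt_usec,
            "linktype": linktype, "data": pkt}


def write_pcap(packets, linktype):
    """Serialise (sec, usec, bytes) tuples as a classic little-endian libpcap file."""
    out = io.BytesIO()
    # global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for sec, usec, pkt in packets:
        out.write(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)))
        out.write(pkt)
    return out.getvalue()


def unified2_to_pcap(data):
    """Return (events, pcap_bytes) for a unified2 byte stream."""
    events, packets, linktype = [], [], 1
    for rtype, body in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT:
            events.append(parse_ids_event(body))
        elif rtype == UNIFIED2_PACKET:
            p = parse_packet(body)
            linktype = p["linktype"]
            packets.append((p["sec"], p["usec"], p["data"]))
        # other record types (IPv6 events, extra data) are skipped here
    return events, write_pcap(packets, linktype)


def build_sample():
    """Constructed two-record stream (one event, one packet), not a real capture."""
    frame = (bytes.fromhex("ffffffffffff" "001122334455" "0800")  # Ethernet header
             + b"\x45\x00\x00\x1c" + b"\x00" * 24)                  # dummy IPv4 payload
    ev = IDS_EVENT.pack(1, 42, 1058528535, 0, 1000001, 1, 3, 30, 2,
                        0xC0A80001, 0xC0A80002, 12345, 80, 6, 0, 0, 0)
    pk = PACKET_HDR.pack(1, 42, 1058528535, 1058528535, 250000, 1, len(frame)) + frame
    return (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev +
            RECORD_HDR.pack(UNIFIED2_PACKET, len(pk)) + pk)


if __name__ == "__main__":
    events, pcap = unified2_to_pcap(build_sample())
    for e in events:
        print(f"[{e['generator_id']}:{e['signature_id']}:{e['signature_revision']}] "
              f"{e['src']}:{e['sport']} -> {e['dst']}:{e['dport']}")
    with open("alerts.pcap", "wb") as fh:  # then: tcpdump -nr alerts.pcap
        fh.write(pcap)
```

Replace `build_sample()` with the bytes of a real unified2 file to use it on an archive; the loop stops cleanly at a partial trailing record, so it can be pointed at a file Snort is still appending to.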