[Snort-users] Reading Unified Logs
halljer at ...8709...
Fri Jul 18 07:42:15 EDT 2003
In the past we've used tcpdump to read our archived Snort logs but
since we are now only using the unified output method this will no
longer work. I'm curious to know what other people are doing.
I'm using Barnyard to import into our DB so we can view the past week's
alerts, but after a week we purge the DB. I'd prefer not to have to
run Barnyard to convert it to a pcap file and then have to read it using