[Snort-users] Reading Unified Logs

Dragos Ruiu dr at ...381...
Sun Jul 20 17:45:13 EDT 2003


On July 18, 2003 07:41 am, Dusty Hall wrote:
> In the past we've used tcpdump to read our archived Snort logs but
> since we are now only using the unified output method this will no
> longer work.  I'm curious to know what other people are doing.
>
> Setup:
> I'm using Barnyard to import into our DB so we can view the past weeks
> alerts.. but after a week we purge the DB.  I'd prefer not to have to
> run Barnyard to convert it to a pcap file and then have to read it using
> tcpdump.
>
> Any ideas?

http://dragos.com/logtopcap.c

-- 
pgpkey http://dragos.com/ kyxpgp
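As an added illustration of the conversion the thread is about (this is not the logtopcap.c linked above, nor code from the Snort or Barnyard projects), the following Python script parses a Snort 2.x unified *log* file and re-encodes its packets as a libpcap capture that tcpdump can read. The record layouts are my recollection of Snort 2.x `spo_unified.h` as written by a 32-bit little-endian host (`struct timeval` as two `u_int32`) and the magic value is assumed; check both against the header of the Snort build that wrote your files before relying on it. Every length field is bounds-checked against the file's `snaplen` and against end of file, since a truncated or corrupt archive must fail cleanly rather than slice past the buffer. The sample log it falls back to is constructed in code, not real traffic.

```python
"""Read a Snort 2.x unified log file and convert it to a libpcap capture.

Record layouts below are an assumption (recollected from Snort 2.x
spo_unified.h, 32-bit little-endian host); verify against your build.
"""
import io
import struct
import sys
from typing import Iterator, NamedTuple

LOG_MAGIC = 0xDEAD1080   # UnifiedLogFileHeader.magic (assumed value)
PCAP_MAGIC = 0xA1B2C3D4  # libpcap file magic, microsecond timestamps

# UnifiedLogFileHeader: magic, version_major, version_minor, timezone,
# sigfigs, snaplen, linktype (24 bytes, no padding)
FILE_HDR = struct.Struct("<IHHIIII")
# UnifiedLog: Event{sig_generator, sig_id, sig_rev, classification, priority,
# event_id, event_reference, ref_time.tv_sec, ref_time.tv_usec}, flags,
# SnortPktHeader{ts.tv_sec, ts.tv_usec, caplen, pktlen} (56 bytes)
REC_HDR = struct.Struct("<14I")
PCAP_FILE_HDR = struct.Struct("<IHHIIII")  # magic, 2, 4, thiszone, sigfigs, snaplen, linktype
PCAP_PKT_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len


class LogRecord(NamedTuple):
    sig_generator: int
    sig_id: int
    sig_rev: int
    ts_sec: int
    ts_usec: int
    caplen: int
    pktlen: int
    packet: bytes


def read_unified_log(data: bytes) -> Iterator[LogRecord]:
    """Parse a unified log image, bounds-checking every record before use."""
    if len(data) < FILE_HDR.size:
        raise ValueError("file shorter than UnifiedLogFileHeader")
    magic, _maj, _min, _tz, _sigfigs, snaplen, _linktype = FILE_HDR.unpack_from(data, 0)
    if magic != LOG_MAGIC:
        raise ValueError("bad magic 0x%08x: not a unified log file" % magic)
    off = FILE_HDR.size
    while off < len(data):
        if off + REC_HDR.size > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        f = REC_HDR.unpack_from(data, off)
        off += REC_HDR.size
        caplen, pktlen = f[12], f[13]
        # caplen is read from the file: never trust it beyond snaplen or EOF
        if caplen > snaplen or off + caplen > len(data):
            raise ValueError("corrupt caplen %d at offset %d" % (caplen, off))
        yield LogRecord(f[0], f[1], f[2], f[10], f[11], caplen, pktlen, data[off:off + caplen])
        off += caplen


def unified_log_to_pcap(data: bytes) -> bytes:
    """Re-encode the records as a pcap file that tcpdump or Wireshark can open."""
    records = list(read_unified_log(data))  # validates the file header first
    _magic, _maj, _min, tz, sigfigs, snaplen, linktype = FILE_HDR.unpack_from(data, 0)
    out = io.BytesIO()
    out.write(PCAP_FILE_HDR.pack(PCAP_MAGIC, 2, 4, tz, sigfigs, snaplen, linktype))
    for rec in records:
        out.write(PCAP_PKT_HDR.pack(rec.ts_sec, rec.ts_usec, rec.caplen, rec.pktlen))
        out.write(rec.packet)
    return out.getvalue()


def build_sample_log() -> bytes:
    """Constructed fixture: a two-record unified log with minimal Ethernet/IPv4 frames."""
    eth = bytes.fromhex("00112233445566778899aabb0800")
    ip4 = bytes.fromhex("450000140001000040010000" "0a000001" "0a000002")
    pkt1 = eth + ip4                  # 34 bytes
    pkt2 = eth + ip4 + b"\x00" * 16   # 50 bytes
    snaplen, linktype = 1514, 1       # DLT_EN10MB
    buf = io.BytesIO()
    buf.write(FILE_HDR.pack(LOG_MAGIC, 1, 2, 0, 0, snaplen, linktype))
    for i, pkt in enumerate((pkt1, pkt2), start=1):
        ts = 1058550000 + i
        buf.write(REC_HDR.pack(1, 1000000 + i, 1, 3, 2, i, i, ts, 0,   # Event
                               0,                                       # flags
                               ts, 500 * i, len(pkt), len(pkt)))       # SnortPktHeader
        buf.write(pkt)
    return buf.getvalue()


if __name__ == "__main__":
    # usage: unified2pcap.py snort.log.1058550000 out.pcap   (no args: run on the fixture)
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_log()
    for rec in read_unified_log(src):
        print("gen=%d sid=%d rev=%d ts=%d.%06d caplen=%d pktlen=%d"
              % (rec.sig_generator, rec.sig_id, rec.sig_rev,
                 rec.ts_sec, rec.ts_usec, rec.caplen, rec.pktlen))
    pcap = unified_log_to_pcap(src)
    if len(sys.argv) > 2:
        open(sys.argv[2], "wb").write(pcap)
    print("pcap bytes:", len(pcap))
```

The resulting file is plain pcap, so `tcpdump -r out.pcap` reads it directly and the archived unified logs can stay in their original form. The alert metadata (generator, SID, revision) is not carried into the pcap; print or store it separately if you need to correlate packets with the events that logged them.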



