[Snort-users] Reading Unified Logs
dr at ...381...
Sun Jul 20 17:45:13 EDT 2003
On July 18, 2003 07:41 am, Dusty Hall wrote:
> In the past we've used tcpdump to read our archived Snort logs but
> since we are now only using the unified output method this will no
> longer work. I'm curious to know what other people are doing.
> I'm using Barnyard to import into our DB so we can view the past week's
> alerts... but after a week we purge the DB. I'd prefer not to have to
> run Barnyard to convert it to a pcap file and then have to read it using
> Any ideas?
pgpkey http://dragos.com/ kyxpgp