[Snort-users] Reading Unified Logs
cmg at ...1935...
Mon Jul 21 06:24:10 EDT 2003
"Dusty Hall" <halljer at ...8709...> writes:
> In the past we've used tcpdump to read our archived Snort logs but
> since we are now only using the unified output method this will no
> longer work. I'm curious to know what other people are doing.
> I'm using Barnyard to import into our DB so we can view the past week's
> alerts. But after a week we purge the DB. I'd prefer not to have to
> run Barnyard to convert it to a pcap file and then have to read it using
If you were looking for a somewhat neat programming task, write a
unified input module for ethereal.
Chris Green <cmg at ...1935...>
This is my signature. There are many like it but this one is mine.