[Snort-users] Reading Unified Logs

Chris Green cmg at ...1935...
Mon Jul 21 06:24:10 EDT 2003

"Dusty Hall" <halljer at ...8709...> writes:

> In the past we've used tcpdump to read our archived Snort logs but
> since we are now only using the unified output method this will no
> longer work.  I'm curious to know what other people are doing.
> Setup:
> I'm using Barnyard to import into our DB so we can view the past weeks
> alerts.. but after a week we purge the DB.  I'd prefer not to have to
> run Barnyard to convert it to a pcap file and then have to read it using
> tcpdump.  

If you were looking for a somewhat neat programming task, write a
unified input module for ethereal.

Chris Green <cmg at ...1935...>
This is my signature. There are many like it but this one is mine.
