[Snort-users] csv input of honeysuckle

Maetzky, Steffen (Extern) Steffen.Maetzky at ...11508...
Tue Jul 20 03:21:05 EDT 2004


Hi,

After a good night, I know the solution to my problem from yesterday:

I can't use an empty log.csv, because it is the input
(and not the output, as I had thought, even though it is described as input -
perhaps too much coffee and too few breaks???)

But now I have problems with generating the log.csv.
Brian Caswell wrote that he uses the following csv-format: srcip, dstip,
priority, event

These fields don't seem to be supported by Snort's csv output.

I know that barnyard-0.2.0 is able to make csv outputs but it has no event
field.
Should I use event_id or event_reference instead of event?

Does anyone know if the script works after adding other fields?

Which output does honeysuckle use (screen or file? Which file?)
(sorry, but I'm not a perl programmer)

Thanks in advance,

Steffen




