[Snort-users] (no subject)

Matt Kettler mkettler at ...4108...
Mon Apr 25 13:56:28 EDT 2005

Patterson, Mike wrote:

>I have received a binary snort.log file which I need to reformat to a "syslog" format in order to have my analyzer tool (i.e., SnortALog) read it.  Do you have any suggestions please?  Thanks!

That depends on what type of binary snort log it is.. Is it a "unified"
alert log, or is it a binary (tcpdump format) packet log?

If it's a tcpdump format packet capture, you read it with tcpdump -r or
snort -r, but this won't help you as the file doesn't contain the alerts
you need, it's just a log of the offending packets.

If it's a unified log, then use the barnyard tool to convert it to an
ascii format:


More information about the Snort-users mailing list