[Snort-users] RE: SnortALog error

Matt Kettler mkettler at ...4108...
Mon Apr 25 15:19:02 EDT 2005


Patterson, Mike wrote:

>I have taken my original binary snort log and converted to a tcpdump text file (thanks to the assistance of a few nice guys in this group) using the following command:
>
>	tcpdump -r snort.log > syslog-like.log
>
>However, when I try to analyze the file with the SnortALog tool using the following command, I get the error "No correct logs found.":
>
>	cat syslog-like.log | ./snortalog.pl -r -n 30
>
>Any suggestions?  Thanks in advance!!
>  
>

As I said before, this isn't going to help you:

If it's a tcpdump-format packet capture, you read it with tcpdump -r or
snort -r, but this won't help you as the file doesn't contain the alerts
you need; it's just a log of the offending packets.
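
Added example (not part of the original post and not SnortALog code): a Python check that tells apart the three kinds of file involved in this thread: a binary tcpdump-format capture, the text that `tcpdump -r` prints from it, and Snort alert text. The `[gid:sid:rev]` marker is Snort's alert layout; the function name `classify` and all sample data are constructed for illustration.

```python
import re
import struct

# libpcap file magic: microsecond and nanosecond timestamp variants.
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}
# Snort alert lines (fast, full and syslog output) carry "[gid:sid:rev]".
ALERT_RE = re.compile(rb"\[\d+:\d+:\d+\]")
# Default tcpdump text output: "HH:MM:SS.usec PROTO src > dst: ...".
TCPDUMP_RE = re.compile(rb"^\d{2}:\d{2}:\d{2}\.\d{6} \S+ .* > ")


def classify(data: bytes) -> str:
    """Return 'pcap', 'snort-alerts', 'tcpdump-text' or 'unknown'."""
    if len(data) >= 4:
        # The writer's byte order is unknown, so test both.
        little, = struct.unpack("<I", data[:4])
        big, = struct.unpack(">I", data[:4])
        if little in PCAP_MAGICS or big in PCAP_MAGICS:
            return "pcap"
    lines = [ln for ln in data.splitlines() if ln.strip()]
    if any(ALERT_RE.search(ln) for ln in lines):
        return "snort-alerts"
    if any(TCPDUMP_RE.match(ln) for ln in lines):
        return "tcpdump-text"
    return "unknown"


# Constructed samples (not taken from the thread).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_TCPDUMP_TEXT = (
    b"15:19:02.123456 IP 10.0.0.5.1052 > 192.168.1.9.1434: UDP, length 376\n"
)
SAMPLE_ALERT_TEXT = (
    b"04/25-15:19:02.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt "
    b"[**] [Classification: Misc Attack] [Priority: 2] {UDP} "
    b"10.0.0.5:1052 -> 192.168.1.9:1434\n"
)

if __name__ == "__main__":
    for name, blob in [("snort.log", SAMPLE_PCAP),
                       ("syslog-like.log", SAMPLE_TCPDUMP_TEXT),
                       ("alert", SAMPLE_ALERT_TEXT)]:
        print(f"{name}: {classify(blob)}")
```

Both the capture and its `tcpdump -r` text classify as packet data with no alert marker, which is the distinction the reply draws.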







