[Snort-users] RE: SnortALog error

Matt Kettler mkettler at ...4108...
Mon Apr 25 15:19:02 EDT 2005

Patterson, Mike wrote:

>I have taken my original binary snort log and converted to a tcpdump text file (thanks to the assistance of a few nice guys in this group) using the following command:
>	tcpdump -r snort.log > syslog-like.log
>However, when I try to analyze the file with the SnortALog tool using the following command, I get the error "No correct logs found.":
>	cat syslog-like.log | ./snortalog.pl -r -n 30
>Any suggestions?  Thanks in advance!!

As I said before, this isn't going to help you:

If it's a tcpdump format packet capture, you read it with tcpdump -r or
snort -r, but this won't help you as the file doesn't contain the alerts
you need; it's just a log of the offending packets.
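An added example, not part of the original thread: a small Python check that tells a binary packet capture, tcpdump's text output, and Snort alert lines apart, which shows why `tcpdump -r snort.log` produces nothing an alert analyzer can use. The regular expressions are approximations of the Snort fast/syslog alert layout and of tcpdump's summary line, and all sample data is constructed.

```python
import re
import struct

# libpcap file magics (microsecond and nanosecond variants, either byte order)
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1}

# Snort alert line: "[gid:sid:rev] message ... {PROTO} src -> dst" (approximation)
ALERT_RE = re.compile(r"\[\d+:\d+:\d+\]\s+.+\{\w+\}\s+\S+\s+->\s+\S+")
# tcpdump text line: "HH:MM:SS.usec [IP] src > dst: ..." (packet summary, no rule id)
TCPDUMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(?:\S+\s+)?\S+\s+>\s+\S+:")


def classify(data: bytes) -> str:
    """Return 'pcap', 'snort-alerts', 'tcpdump-text' or 'unknown'."""
    if len(data) >= 4 and struct.unpack("<I", data[:4])[0] in PCAP_MAGICS:
        return "pcap"
    lines = [ln for ln in data.decode("latin-1").splitlines() if ln.strip()]
    alerts = sum(1 for ln in lines if ALERT_RE.search(ln))
    dumps = sum(1 for ln in lines if TCPDUMP_RE.match(ln))
    if alerts and alerts >= dumps:
        return "snort-alerts"
    if dumps:
        return "tcpdump-text"
    return "unknown"


# Constructed samples (documentation addresses, made-up rule id and message).
PCAP_SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
TCPDUMP_SAMPLE = (
    b"15:19:02.123456 IP 192.0.2.10.4321 > 198.51.100.5.80: S 1:1(0) win 5840\n"
    b"15:19:02.223456 IP 198.51.100.5.80 > 192.0.2.10.4321: R 0:0(0) win 0\n"
)
FAST_SAMPLE = (
    b"04/25-15:19:02.123456  [**] [1:1000001:1] Constructed sample rule [**] "
    b"[Classification: Misc activity] [Priority: 3] {TCP} "
    b"192.0.2.10:4321 -> 198.51.100.5:80\n"
)
SYSLOG_SAMPLE = (
    b"Apr 25 15:19:02 sensor snort[2112]: [1:1000001:1] Constructed sample rule "
    b"[Classification: Misc activity] [Priority: 3]: {TCP} "
    b"192.0.2.10:4321 -> 198.51.100.5:80\n"
)

if __name__ == "__main__":
    for name, blob in [("pcap", PCAP_SAMPLE), ("tcpdump", TCPDUMP_SAMPLE),
                       ("fast", FAST_SAMPLE), ("syslog", SYSLOG_SAMPLE)]:
        print(f"{name:8s} -> {classify(blob)}")
```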
