[Snort-users] format of unified log file?

Rob Baxter rbaxter at ...13031...
Fri Feb 11 05:05:51 EST 2005

I apologize if this has been covered before, but I am looking to write a 
utility to parse the binary unified log files produced by Snort. 
According to the Snort Users Guide the binary log file format is 
described in the spo_unified.h header file; however, when I look at that 
file I don't see anything resembling a file format description (in fact the 
file has < 30 lines including comments). Am I looking in the wrong place 
(src/output-plugins directory of the 2.3.0 distribution)? Would I find 
the description in an older revision of this file (it appears that I'm 
looking at v1.9), or where else might I find the documentation on how 
that file is laid out? I might be able to figure it out by looking at 
the input processors for mudpit and/or barnyard, but my C is terribly 
rusty, so I'd prefer to have some documentation. If anyone can point me 
in the right direction it'd be greatly appreciated. Thanks,


Robert M. Baxter
Sr. Security Analyst
Xapiens Corporation
