[Snort-users] format of unified log file?

Rob Baxter rbaxter at ...13031...
Fri Feb 11 05:05:51 EST 2005


I apologize if this has been covered before, but I am looking to write a 
utility to parse the binary unified log files produced by Snort. 
According to the Snort Users Guide, the binary log file format is 
described in the spo_unified.h header file; however, when I look at that 
file I don't see anything resembling a file format description (in fact the 
file has < 30 lines including comments). Am I looking in the wrong place 
(src/output-plugins directory of the 2.3.0 distribution)? Would I find 
the description in an older revision of this file (it appears that I'm 
looking at v1.9), or where else might I find the documentation on how 
that file is laid out? I might be able to figure it out by looking at 
the input processors for mudpit and/or barnyard, but my C is terribly 
rusty, so I'd prefer to have some documentation. If anyone can point me 
in the right direction it'd be greatly appreciated. Thanks,

</rob>

---------------------------------------------------
Robert M. Baxter
Sr. Security Analyst
Xapiens Corporation
---------------------------------------------------