[Snort-users] Unified Log Format

Mario D. Santana mds at ...13379...
Tue Jun 28 12:53:04 EDT 2005


Hi, all.  I've written a patch to Ethereal to allow it to load unified 
output and display the alert information as a top-level protocol.  This 
lets you do things like search against snort.sig_generator, etc.

I'm not sure if this email should go to snort-dev, but I thought I'd give 
it a shot here first.  BTW, if anyone wants to try out the patch, let me 
know off-list.

The patch is pretty functional, but I've run into a couple of snags. 
One of these seems to be related to the "fake" packets generated by snort 
to identify port scans.  But sometimes strange things happen, such as 
finding signal IDs of 527 for generator ID 1 -- is this valid?

I've looked through the snort manual, the code, and other likely places. 
Any help or pointers would be appreciated.

TIA,
mds