[Snort-users] Unified Log Format
Mario D. Santana
mds at ...13379...
Tue Jun 28 12:53:04 EDT 2005
Hi, all. I've written a patch to Ethereal to allow it to load unified
output and display the alert information as a top-level protocol. This
lets you do things like search against snort.sig_generator, etc.
I'm not sure if this email should go to snort-dev, but I thought I'd give
it a shot here first. BTW, if anyone wants to try out the patch, let me
The patch is pretty functional, but I've run into a couple of snags.
One of these seems to be related to the "fake" packets generated by snort
to identify port scans. But sometimes strange things happen, such as
finding signal IDs of 527 for generator ID 1 -- is this valid?
I've looked through the snort manual, the code, and other likely places.
Any help or pointers would be appreciated.