[Snort-users] Converting ASCII logs to Unified Format

Esler, Joel CNTR/Sytex joel.esler at ...9426...
Mon Mar 14 08:25:31 EST 2005


So, I am guessing that you have an alert file you want to convert?

On Mon, 2005-03-14 at 08:19 -0800, Jim O'Leary wrote:

> I should clarify that I was given the Snort log files from an external
> source, not from my own Snort.conf. I need to convert these text files
> into unified so Barnyard can stick them into MySQL.
> 
>         -----Original Message-----
>         From: Esler, Joel CNTR/Sytex [mailto:joel.esler at ...13173...
>         s.army.mil] 
>         Sent: Monday, March 14, 2005 8:16 AM
>         To: Jim O'Leary
>         Cc: snort-users at lists.sourceforge.net
>         Subject: Re: [Snort-users] Converting ASCII logs to Unified
>         Format
>         
>         
>         Unified format is completely different from the ASCII log.  I
>         would double check your Snort.conf settings.
>         
>         J
>         
>         On Sat, 2005-03-12 at 22:03 -0800, Jim O'Leary wrote:
>         
>         > I have Snort set up so that it outputs logs and alerts to
>         > the binary "unified" format. I also have barnyard set up so
>         > that it reads those binary files and sticks them into a
>         > MySQL database. 
>         >  
>         > The problem is, I've been given a group of Snort output
>         > files that are in the ASCII format.  How do I convert these
>         > files to "unified" so I can get barnyard to stick them into
>         > MySQL?
>         >  
>         > Thanks 
>         
>         -- 
>         Esler, Joel CNTR/Sytex <joel.esler at ...9426...> 

-- 
Esler, Joel CNTR/Sytex <joel.esler at ...9426...>