[Snort-users] Converting ASCII logs to Unified Format

Esler, Joel CNTR/Sytex joel.esler at ...9426...
Mon Mar 14 08:58:00 EST 2005


To my knowledge, you can't.  

On Mon, 2005-03-14 at 08:29 -0800, Jim O'Leary wrote:

> That's right, I have several alert files in valid Snort text output. I
> need to convert these alert files into Snort's unified format.
>  
>  
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Esler, Joel CNTR/Sytex
> Sent: Monday, March 14, 2005 8:25 AM
> To: Jim O'Leary
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Converting ASCII logs to Unified Format
> 
> 
> 
>         So, I am guessing that you have an alert file you want to
>         convert?
>         
>         On Mon, 2005-03-14 at 08:19 -0800, Jim O'Leary wrote:
>         
>         > I should clarify that I was given the Snort log files
>         > from an external source, not from my own Snort.conf. I need
>         > to convert these text files into unified so Barnyard can
>         > stick them into MySQL.
>         > 
>         >         -----Original Message-----
>         >         From: Esler, Joel CNTR/Sytex
>         >         [mailto:joel.esler at ...9426...] 
>         >         Sent: Monday, March 14, 2005 8:16 AM
>         >         To: Jim O'Leary
>         >         Cc: snort-users at lists.sourceforge.net
>         >         Subject: Re: [Snort-users] Converting ASCII logs to
>         >         Unified Format
>         >         
>         >         
>         >         Unified format is completely different from the
>         >         ASCII log.  I would double check your Snort.conf
>         >         settings.
>         >         
>         >         J
>         >         
>         >         On Sat, 2005-03-12 at 22:03 -0800, Jim O'Leary
>         >         wrote:
>         >         
>         >         > I have Snort set up so that it outputs logs and
>         >         > alerts to the binary "unified" format. I also have
>         >         > barnyard set up so that it reads those binary
>         >         > files and sticks them into a MySQL database. 
>         >         >  
>         >         > The problem is, I've been given a group of Snort
>         >         > output files that are in the ASCII format.  How do
>         >         > I convert these files to "unified" so I can get
>         >         > barnyard to stick them into MySQL?
>         >         >  
>         >         > Thanks 
>         >         
>         >         -- 
>         >         Esler, Joel CNTR/Sytex <joel.esler at ...13173...
>         >         s.army.mil> 
>         
>         -- 
>         Esler, Joel CNTR/Sytex <joel.esler at ...9426...> 

-- 
Esler, Joel CNTR/Sytex <joel.esler at ...9426...>
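Added example (not code from this thread, nor from Snort or Barnyard): a parser for the ASCII alert output the thread is about, in Snort 2.x single-line alert_fast form, into structured records. The field layout assumed is the one I know from Snort 2.x, i.e. timestamp, [**] [gid:sid:rev] msg [**], an optional [Classification: ...], [Priority: n], {PROTO}, then src -> dst with ports omitted for ICMP; that layout, the sample lines and the year handling are my assumptions, and the sample lines are constructed. It does not produce unified records; it shows what can and cannot be recovered from the text, which is the first thing to establish before trying to load such files anywhere.

```python
"""Parse Snort 2.x alert_fast text lines into structured records.

Added example for the snort-users thread; not Snort, Barnyard or list
code. Assumed line layout (Snort 2.x alert_fast, as I know it):

  MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src[:port] -> dst[:port]

The Classification bracket is absent for rules without a classtype, and
ICMP lines carry no ports. The timestamp carries no year unless Snort
was run with -y, so the caller must supply one.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample input (not taken from the thread). The last line is
# deliberately not an alert, to show that unparseable lines are reported
# rather than silently dropped.
SAMPLE_ALERTS = """\
03/12-21:58:03.104771  [**] [1:1000001:2] LOCAL possible port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44112 -> 198.51.100.5:22
03/12-21:58:04.220910  [**] [1:1000002:1] LOCAL echo request [**] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
03/12-21:58:05.000001  [**] [1:1000003:1] LOCAL dns query [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.10:51234 -> 198.51.100.53:53
this line is not an alert and must be reported, not silently dropped
"""

ALERT_FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"(?:\[Priority:\s+(?P<priority>\d+)\]\s+)?"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)


def parse_alert_fast_line(line: str, year: int) -> Optional[Dict[str, object]]:
    """Return a record for one alert_fast line, or None if it does not match.

    `year` is needed because the text timestamp has no year; it is one of
    the fields a database row needs that the ASCII file does not carry.
    """
    m = ALERT_FAST_RE.match(line.rstrip())
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "timestamp": ts,
        "gid": int(m["gid"]),
        "sid": int(m["sid"]),
        "rev": int(m["rev"]),
        "msg": m["msg"],
        "classification": m["classification"],          # None when absent
        "priority": int(m["priority"]) if m["priority"] else None,
        "proto": m["proto"],
        "src_ip": m["src"],
        "src_port": int(m["sport"]) if m["sport"] else None,  # None for ICMP
        "dst_ip": m["dst"],
        "dst_port": int(m["dport"]) if m["dport"] else None,
    }


def parse_alert_fast(text: str, year: int) -> Tuple[List[Dict[str, object]], List[str]]:
    """Parse a whole alert_fast file; return (records, rejected_lines)."""
    records: List[Dict[str, object]] = []
    rejected: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_alert_fast_line(line, year)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected


if __name__ == "__main__":
    recs, bad = parse_alert_fast(SAMPLE_ALERTS, 2005)
    for r in recs:
        print(r["timestamp"].isoformat(), r["gid"], r["sid"], r["rev"],
              r["proto"], r["src_ip"], r["src_port"], "->", r["dst_ip"],
              r["dst_port"], repr(r["msg"]))
    for line in bad:
        print("REJECTED:", line)
```

The rejected-line list matters when the files come from someone else, as here: a full-format alert file, a different Snort version or a mid-line truncation will not match, and the count of rejected lines is the first sanity check before trusting what was loaded.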