[Snort-users] new unified2 parser - requesting logs

Paul Meserve pmeserve at ...11827...
Wed May 27 07:22:07 EDT 2009

We're developing a new open source log parser for snort unified2 logs, written in ruby. Our goal is to provide easy access to the actual structured data inside the logs for analysis or export (to a database or other central log store, with whatever schema you choose).

If anyone has examples of "real world" unified2 logs they'd be willing to share with us, we'd very much appreciate it for purposes of testing the library's speed and compatibility issues with normal datasets.

If you have logs you could send, please e-mail me directly. If the log is under 20MB you can attach it to the email, otherwise a URL to it would be appreciated. Let me know your platform and version of snort as well, and also if you'd be willing for snippets of the log to be included in the unit tests for the parser (i.e., released open source).


We'll announce when a ruby gem for the parser is available

Paul Meserve
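For readers who want to see what "structured data inside the logs" means for this format, here is an added example (not the parser announced in the post, and not Snort's own code): a minimal Ruby reader for unified2 records. It assumes the on-disk layout from Snort's unified2 header (8-byte record header of type and length in network byte order; the 52-byte Unified2IDSEvent body for type 7); the `Unified2Demo` module name and the sample record are constructed for this example.

```ruby
# Added example, not the announced parser: a minimal reader for Snort unified2
# records. Each record starts with an 8-byte header in network byte order:
# type (uint32) and length (uint32) of the body that follows.
require 'stringio'

module Unified2Demo
  IDS_EVENT = 7   # Unified2IDSEvent (IPv4 event), fixed 52-byte body

  # Decode a 52-byte Unified2IDSEvent body into a hash of named fields.
  def self.parse_ids_event(body)
    raise ArgumentError, "short IDS event body (#{body.bytesize} bytes)" if body.bytesize < 52
    names = %i[sensor_id event_id event_second event_microsecond signature_id
               generator_id signature_revision classification_id priority_id]
    ev = names.zip(body[0, 36].unpack('N9')).to_h
    ev[:src_ip], ev[:dst_ip] = body[36, 8].unpack('N2').map { |w| [w].pack('N').unpack('C4').join('.') }
    ev[:sport_itype], ev[:dport_icode] = body[44, 4].unpack('n2')
    ev[:protocol], ev[:impact_flag], ev[:impact], ev[:blocked] = body[48, 4].unpack('C4')
    ev
  end

  # Iterate records in an IO. Stops cleanly at a truncated tail, which is normal
  # for a file Snort is still appending to. Unknown record types are passed
  # through with their raw body so nothing is silently dropped.
  def self.each_record(io)
    return enum_for(:each_record, io) unless block_given?
    while (hdr = io.read(8)) && hdr.bytesize == 8
      type, length = hdr.unpack('N2')
      body = io.read(length)
      break if body.nil? || body.bytesize < length
      yield(type == IDS_EVENT ? [:ids_event, parse_ids_event(body)] : [:other, { type: type, body: body }])
    end
  end

  # Constructed sample: one IDS event (sid 1:2000 rev 3, TCP 10.0.0.5:44321 -> 192.168.1.10:22)
  # followed by a deliberately truncated second record, to exercise the tail handling.
  SAMPLE = [IDS_EVENT, 52].pack('N2') +
           [1, 42, 1_243_407_727, 500, 2000, 1, 3, 4, 2].pack('N9') +
           [10, 0, 0, 5, 192, 168, 1, 10].pack('C8') +
           [44321, 22].pack('n2') + [6, 0, 0, 0].pack('C4') +
           [IDS_EVENT, 52].pack('N2') + ("\x00" * 10).b

  # Parse the constructed sample and return the decoded records.
  def self.demo
    each_record(StringIO.new(SAMPLE)).to_a
  end
end

puts Unified2Demo.demo.inspect if $PROGRAM_NAME == __FILE__
```

Exporting to a database or other store is then a matter of mapping the returned hashes to whatever schema you choose.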
