[Snort-users] Unified snort logs to text?

beenph beenph at ...11827...
Mon Dec 17 15:43:31 EST 2012


On Mon, Dec 17, 2012 at 3:30 PM, Steve Marotta <smarotta at ...16014...> wrote:
>
> Is there a way to use Barnyard to simply take the unified logs that Snort
> produces in NIDS mode and turn them into text files? I see that Barnyard
> reads the data into a database; I don't need all of that, just something to
> generate a text file with a list of high-level network events.
>
>

In the barnyard2.conf example distributed with the source.

This might be what you're looking for.


# alert_fast
# ----------------------------------------------------------------------------
# Purpose: Converts data to an approximation of Snort's "fast alert" mode.
#
# Arguments: file <file>, stdout
# arguments should be comma delimited.
# file - specify alert file
# stdout - no alert file, just print to screen
#
# Examples:
# output alert_fast
# output alert_fast: stdout
#
output alert_fast: stdout

-elz
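
Added example, not part of the original message or of barnyard2: a small Python summarizer that reduces alert_fast text output (saved from stdout or from the alert file) to per-signature counts. It assumes the lines follow Snort's fast-alert layout; the function names, sample lines, SIDs and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: Snort "fast alert" line; year and Classification are optional.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def split_endpoint(ep):
    """'a.b.c.d:port' -> (addr, port); anything else (ICMP, IPv6) -> (ep, None)."""
    addr, sep, port = ep.rpartition(":")
    if sep and ":" not in addr and port.isdigit():
        return addr, int(port)
    return ep, None

def parse_fast_alert(line):
    """Return a dict for one alert line, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["prio"] = int(ev["prio"])
    ev["src"], ev["sport"] = split_endpoint(ev["src"])
    ev["dst"], ev["dport"] = split_endpoint(ev["dst"])
    return ev

def summarize(lines):
    """Count alerts per (gid:sid, message); also count unparseable lines."""
    events = [parse_fast_alert(l) for l in lines if l.strip()]
    counts = Counter((f"{e['gid']}:{e['sid']}", e["msg"]) for e in events if e)
    return counts, events.count(None)

# Constructed sample lines (documentation address ranges, made-up SIDs).
SAMPLE = [
    "12/17-15:43:31.123456  [**] [1:1000001:1] Constructed test rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:51234 -> 198.51.100.5:80",
    "12/17-15:43:32.000001  [**] [1:1000001:1] Constructed test rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.11:40000 -> 198.51.100.5:80",
    "12/17-15:43:33.500000  [**] [1:1000002:2] Constructed test rule B [**] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "this line is not an alert",
]

if __name__ == "__main__":
    for (sig, msg), n in summarize(SAMPLE)[0].most_common():
        print(f"{n:6d}  [{sig}]  {msg}")
```

Lines that do not match the assumed layout are counted rather than silently dropped, so a format difference in a given barnyard2 build shows up as a non-zero skipped count.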