[Snort-users] Extracting Snort alerts from DB

Peter Bates peter.bates at ...15381...
Tue Dec 18 07:54:34 EST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 18/12/2012 12:03, elof at ...6680... wrote:
> In short:
> I recommend you extract the full packet as-is directly from the unified2 file or from the pcap file that barnyard2 creates instead of gluing together the chopped pieces from the database.

I've got a lot of u2 files (from many instances) but
this does seem a lot easier.

I haven't got BY2 writing pcaps but can use u2boat to get what I need.

Thanks to Elof!

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJQ0GeKAAoJELhVoVpEMS6RtfgH/0uP0Mou8VnDJkAGOjeAZcDa
9xvFYRA8KeqR10agIAYEOVJ/vnCYi8GvJ/btcd/SbtP7SPOCZ7L9O+iHLrN2w2gl
OZqEqgjZ8bvaTefW2b4S1sAH/S88LSILsrEhwv+ZD60FOTJ8a8ko4Cidqwy7gpBW
hKb2Hj9vrTyjmPU1izJQHe4GkQqt0aAJoazPNUW8lrwFspac0p8Czu5a5Gmtr18d
9xhDzxrYkbNTnNUi8p0otftcVDbK1jBAeGRfnH4xbjgyNVfRFMZGcqnIqOp8vKgv
guFlywx8Tj0YSambjb6Usm71l0qiGZ91ugcbDWKMdKhXfyK6+MS2ABVUKpBJ5kU=
=hfK6
-----END PGP SIGNATURE-----
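The approach settled on above (pull the packet bytes straight out of the unified2 file rather than reassembling them from the database) is simple enough to do without u2boat. The following is an added example, not code from this thread or from Snort, barnyard2 or u2boat. It walks the unified2 record framing (big-endian type/length header per record), picks out UNIFIED2_PACKET records (type 2, with a 28-byte packet header before the raw frame), and serialises them into a classic pcap. The sample unified2 blob at the bottom is constructed for the example: its sensor id, event id, timestamps and the Ethernet frame are made-up values, the leading non-packet record is a placeholder body, and the trailing truncated record stands in for the short tail you see when Snort is still writing the file.

```python
"""Extract packet records from a Snort unified2 file and write them to a pcap.

Added example, not code from the original thread or from Snort/barnyard2/u2boat.
Only the record framing and the UNIFIED2_PACKET body layout are needed to
recover packets as-is; every other record type is skipped by its length.
"""
import struct
import sys

UNIFIED2_PACKET = 2
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

# unified2 record header: uint32 type, uint32 length of the body that follows
REC_HDR = struct.Struct(">II")
# UNIFIED2_PACKET body header: sensor_id, event_id, event_second,
# packet_second, packet_microsecond, linktype, packet_length
PKT_HDR = struct.Struct(">IIIIIII")


def iter_unified2_records(data):
    """Yield (record_type, body) per record; a short final record ends iteration.

    Snort appends to the file while barnyard2/u2boat tail it, so a truncated
    last record is normal and is treated as end-of-data, not as an error.
    """
    off = 0
    while off + REC_HDR.size <= len(data):
        rtype, rlen = REC_HDR.unpack_from(data, off)
        off += REC_HDR.size
        if off + rlen > len(data):
            break  # truncated record (still being written, or corrupted)
        yield rtype, data[off:off + rlen]
        off += rlen


def extract_packets(data):
    """Return a list of dicts, one per well-formed UNIFIED2_PACKET record."""
    packets = []
    for rtype, body in iter_unified2_records(data):
        if rtype != UNIFIED2_PACKET or len(body) < PKT_HDR.size:
            continue
        (sensor_id, event_id, event_sec, pkt_sec, pkt_usec,
         linktype, pkt_len) = PKT_HDR.unpack_from(body, 0)
        payload = body[PKT_HDR.size:PKT_HDR.size + pkt_len]
        if len(payload) != pkt_len:
            continue  # packet_length claims more bytes than the record holds
        packets.append({
            "sensor_id": sensor_id, "event_id": event_id, "event_second": event_sec,
            "ts_sec": pkt_sec, "ts_usec": pkt_usec, "linktype": linktype,
            "data": payload,
        })
    return packets


def packets_to_pcap(packets, linktype=1):
    """Serialise packets into classic pcap bytes (DLT 1 = Ethernet by default).

    A pcap file carries a single link type, so packets recorded under another
    DLT are dropped rather than written under the wrong one.
    """
    out = [struct.pack(">IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for p in packets:
        if p["linktype"] != linktype:
            continue
        out.append(struct.pack(">IIII", p["ts_sec"], p["ts_usec"],
                               len(p["data"]), len(p["data"])))
        out.append(p["data"])
    return b"".join(out)


def build_packet_record(sensor_id, event_id, event_sec, pkt_sec, pkt_usec, linktype, payload):
    """Build one UNIFIED2_PACKET record (used here only to construct sample input)."""
    body = PKT_HDR.pack(sensor_id, event_id, event_sec, pkt_sec, pkt_usec,
                        linktype, len(payload)) + payload
    return REC_HDR.pack(UNIFIED2_PACKET, len(body)) + body


# Constructed sample unified2 data (made-up values): a placeholder record of a
# non-packet type with an arbitrary 8-byte body, one packet record holding a
# 34-byte made-up Ethernet/IPv4 frame, then a truncated record at the tail.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0011223344550800") + b"\x45" + b"\x00" * 19
SAMPLE_U2 = (
    REC_HDR.pack(110, 8) + b"\x00" * 8
    + build_packet_record(1, 42, 1355832000, 1355832000, 123456, 1, SAMPLE_FRAME)
    + REC_HDR.pack(UNIFIED2_PACKET, 100) + b"\x00" * 10
)


def convert_file(src, dst):
    """Read a unified2 file, write its packets to a pcap, return the packet count."""
    with open(src, "rb") as f:
        packets = extract_packets(f.read())
    with open(dst, "wb") as f:
        f.write(packets_to_pcap(packets))
    return len(packets)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(convert_file(sys.argv[1], sys.argv[2]), "packets written")
    else:
        print(len(extract_packets(SAMPLE_U2)), "packet(s) in constructed sample")
```

Run it as `python extract_u2.py snort.log.1355832000 out.pcap` to convert one file; with many sensors, the sensor_id and event_id fields in each extracted packet dict are what let you tie a frame back to the alert row in the database. The packets come out byte-for-byte as Snort logged them, which is the point of the recommendation above: nothing is reassembled from the chopped-up database columns.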