[Snort-users] Extracting ip address

waldo kitty wkitty42 at ...14940...
Wed Apr 17 12:56:18 EDT 2013


On 4/17/2013 05:22, Lloyd wrote:
> open the log file in wireshark, you can see the ip address.

if the files in question are snort.log.xxxxxxxxxxxxxx type, then this would work 
since they are actually pcap files and not ascii text files as most log files are ;)

i don't find the original post here so i can go back to it but i have to wonder 
exactly what log files the OP is speaking of... there's also the default alert 
file which is plain ascii text and human readable as well as esaily parsed with 
perl and other text manipulating tools :)

> On Wed, Apr 17, 2013 at 12:02 PM, Prathibha P G <prathibhapg at ...11827...
> <mailto:prathibhapg at ...11827...>> wrote:
>
>     How to extract source ip address and estination ip address from snort log
>     files.kindly help me

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list